39 matches found
CVE-2025-58918 WordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Waituk Entrada theme allows Cross Site Request Forgery.This issue affects Entrada: from n/a through 5.7.7...
PT-2025-43864
Name of the Vulnerable Software and Affected Versions Waituk Entrada theme versions through 5.7.7 Description A Cross-Site Request Forgery CSRF issue exists in the Waituk Entrada theme. This allows attackers to perform actions on behalf of authenticated users without their knowledge. The...
WordPress plugin Entrada 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
EUVD-2022-46038
Malicious code in bioql PyPI...
EUVD-2025-28760
Malicious code in bioql PyPI...
WordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Entrada versions = 5.7.7...
WordPress Entrada Theme <= 5.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Entrada Type Theme Vulnerable versions = 5.7.7 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2025-58918 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5915a0847dad Credits Tran Nguyen Bao Khanh VCI - VN...
CVE-2025-10074 Portabilis i-Educar tipos cross site scripting
A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17296)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Insira o novo tipo in the file /html/matPat/adicionartipoEntrada.php No detailed...
WordPress Entrada Theme <= 5.7.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Theme Entrada versions = 5.7.7...
WordPress Entrada Theme <= 5.7.7 is vulnerable to SQL Injection
Software Entrada Type Theme Vulnerable versions = 5.7.7 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2025-39484 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ccc061900a81 Credits Bonds Required privilege Unauthenticated Published 22 May,...
Falla en la lógica empresarial
¿Qué son las fallas de la lógica empresarial? Las fallas de lógica empresarial, también conocidas como defectos de lógica empresarial, son errores en el diseño de un sistema o proceso que permiten a los usuarios realizar acciones que no deberían ser posibles. Estos errores no son el resultado de ...
CVE-2022-42989
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting XSS vulnerability via the component Caixa de Entrada...
Cross site scripting
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting XSS vulnerability via the component Caixa de Entrada...
PT-2022-26696 · Sankhya · Erp Sankhya
Name of the Vulnerable Software and Affected Versions: ERP Sankhya versions prior to 4.11b81 Description: A cross-site scripting XSS issue was found in the Caixa de Entrada component. This allows for potential exploitation. Recommendations: For versions prior to 4.11b81, update to version 4.11b81...
CVE-2022-42989
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting XSS vulnerability via the component Caixa de Entrada...
CVE-2022-42989
ERP Sankhya before v4.11b81 is affected by CVE-2022-42989, a cross-site scripting (XSS) in the Caixa de Entrada component. The vulnerability allows injection of HTML/JavaScript via the Caixa de Entrada messaging feature, enabling potential account takeover and exposure of sensitive data. The CVSS...
CVE-2006-0462
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter...
CVE-2006-0462
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter...