79 matches found
CVE-2026-50890
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
PT-2026-49331
Name of the Vulnerable Software and Affected Versions grocy version 4.6.0 Description SQL injection occurs at the '/stockreports/spendings' endpoint through the product-group parameter. This allows attackers to access sensitive database information by using a crafted SQL statement. SQL injection ...
CVE-2026-50890
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
CVE-2026-50890
Bernd Bestel grocy v4.6.0 is affected by a SQL injection in the product-group parameter at /stockreports/spendings. The issue allows extracting sensitive database information via a crafted SQL statement. Environment references this vulnerability across multiple sources (NVD, ENISA EUVD, CVE recor...
EUVD-2026-19344
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
GHSA-XQM9-6QMM-XRQH Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
Cross-site Scripting (XSS)
Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Group, Category, or Description parameters in the Permissions module. An attacker can execute arbitrary web scripts or HTML by injecting crafted payloads into...
CVE-2026-31354
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
FeehiCMS 安全漏洞
FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type cross-site scripting issue with the Group, Category, or Description parameters in the...
PT-2026-30668
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
CVE-2026-31354
CVE-2026-31354 refers to multiple authenticated stored XSS vulnerabilities in Feehi CMS v2.1.1, specifically in the Permissions module where payloads can be injected via Group, Category, or Description parameters. The issue is confirmed across connected sources (Red Hat CVE entry, ENISA/EUVD entr...
EUVD-2026-18310
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34814
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34814 Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34814 Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
Endian Firewall 跨站脚本漏洞
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall group parameter, which stems from improper handling of the group parameter in /cgi-bin/proxygroup.cgi, and can be exploited by an attacker to inject malicious...
PT-2026-29774
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
Key Systems Global Facilities Management Software 安全漏洞
Key Systems Global Facilities Management Software is a facilities management system developed by the American company Key Systems. Version 20230721a of Key Systems Global Facilities Management Software contains a security vulnerability. This vulnerability stems from the use of cross-site scriptin...
Directory Traversal
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal via the sendfromdirectory function. An attacker can access files within the application package directory by supplying crafted path-traversal...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the DataStats function, which passes user input directly to goqu.L for execution on the database without escaping. An attacker can execute SQL by supplying malicious input to the column, group, or order parameters of th...