210 matches found
CVE-2024-41444
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so...
CVE-2024-34717
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random securekey parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available...
CVE-2025-15000
CVE-2025-15000 (Page Keys for WordPress) is a stored XSS in the Page Key parameter affecting Page Keys plugin versions
PT-2026-1598
Name of the Vulnerable Software and Affected Versions Page Keys versions prior to 1.3.4 Description The Page Keys plugin for WordPress is susceptible to Stored Cross-Site Scripting through the page key parameter. Insufficient input sanitization and output escaping allow authenticated attackers wi...
CVE-2025-12398
The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
EUVD-2025-204661
The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2025-12398
The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2025-12398 Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting
The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2025-12660
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12660
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2025-47694
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
EUVD-2025-48949
Tenda AX3 V16.03.12.10CN was discovered to contain a stack overflow in the wpapskcrypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
PHPGurukul News Portal 安全漏洞
News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...
CVE-2025-8849 Denial of Service in danny-avila/librechat
LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...
LiteLLM 信息泄露漏洞
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from an information disclosure vulnerability that stems from exposing sensitive information when handling the health endpoint APIKEY parameter, which could lead to credential...
EUVD-2021-24778
Malware in sbrugna...
EUVD-2018-13009
Malware in sbrugna...
EUVD-2006-0553
Malware in sbrugna...
EUVD-2014-8943
Malware in sbrugna...
EUVD-2024-17512
Malicious code in bioql PyPI...