149 matches found

Positive Technologies
added 2026/05/27 12:0 a.m., 4 views

PT-2026-43435

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

6.5 CVSS, 6.5 AI score, 0.00031 EPSS
Exploits: 0, References: 6
NVD
added 2026/05/16 4:16 p.m., 8 views

CVE-2020-37240

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4 CVSS, 0.00034 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/05/16 3:25 p.m., 6 views

CVE-2020-37240 Queue Management System 4.0.0 Stored XSS via Add User

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4 CVSS, 5.7 AI score, 0.00034 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/05/16 3:25 p.m., 27 views

CVE-2020-37240 Queue Management System 4.0.0 Stored XSS via Add User

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4 CVSS, 0.00034 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/05/16 3:25 p.m., 5 views

CVE-2020-37240

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4 CVSS, 5.7 AI score, 0.00034 EPSS
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2026/05/16 12:0 a.m., 6 views

CodeKernel Token - Queue Management System Cross-Site Scripting Vulnerability

CodeKernel Token - Queue Management System is a Laravel-based queueing and customer waiting list management system developed by CodeKernel. Version 4.0.0 of CodeKernel Token - Queue Management System contains a cross-site scripting vulnerability. This vulnerability stems from storage-type...

6.4 CVSS, 5.7 AI score, 0.00034 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/16 12:0 a.m., 12 views

PT-2026-41440

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4 CVSS, 5.7 AI score, 0.00034 EPSS
Exploits: 0, References: 5
NVD
added 2026/05/02 6:16 a.m., 1 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp_kses, combined with insufficient output...

7.2 CVSS, 0.00021 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/05/02 5:29 a.m., 2 views

CVE-2026-5113 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp_kses, combined with insufficient output...

7.2 CVSS, 6 AI score, 0.00021 EPSS
Exploits: 0, References: 2
CVE
added 2025/11/20 10:32 p.m., 5 views

CVE-2025-13484

CVE-2025-13484 affects Campcodes Complete Online Beauty Parlor Management System 1.0, in the file /admin/customer-list.php. The vulnerability is a cross-site scripting flaw caused by manipulation of the Name parameter due to insufficient input filtering/escaping, allowing execution of arbitrary w...

6.1 CVSS, 3.3 AI score, 0.00032 EPSS
Exploits: 1, References: 5, Affected Software: 1
CNVD
added 2025/10/13 12:0 a.m., 1 views

Beauty Parlour Management System customer-list.php File SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/customer-list.php. An attacker can...

9.8 CVSS, 8.3 AI score, 0.00043 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 20 views

EUVD-2021-11114

Malware in sbrugna...

6.5 CVSS, 6.5 AI score, 0.00903 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-34931

Malicious code in bioql PyPI...

5.4 CVSS, 5.8 AI score, 0.00224 EPSS
Exploits: 1, References: 2
NVD
added 2025/09/25 6:15 p.m., 3 views

CVE-2025-10961

A vulnerability was determined in Wavlink NU516U1 M16U1V240425. This affects the function sub4030C0 of the file /cgi-bin/wireless.cgi of the component DeleteMaclist Page. Executing manipulation of the argument deletelist can lead to command injection. The vendor was contacted early about this...

8 CVSS, 0.00714 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2025/09/25 12:0 a.m., 3 views

PT-2025-39436

Name of the Vulnerable Software and Affected Versions: Wavlink NU516U1 M16U1 V240425 Description: A flaw exists in the function sub 4030C0 within the file /cgi-bin/wireless.cgi of the Delete Mac list Page component. Manipulation of the delete list argument can result in command injection. The vendo...

5.5 CVSS, 5.2 AI score, 0.00714 EPSS
Exploits: 1, References: 7
NVD
added 2025/09/10 10:15 p.m., 2 views

CVE-2025-10218

A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The...

9.8 CVSS, 0.00061 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/09/10 9:32 p.m., 2 views

CVE-2025-10218 lostvip-com ruoyi-go Background Management SysRoleDao.go SelectListPage sql injection

A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The...

6.5 CVSS, 6.3 AI score, 0.00061 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/09/10 9:32 p.m., 6 views

CVE-2025-10218 lostvip-com ruoyi-go Background Management SysRoleDao.go SelectListPage sql injection

A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The...

6.5 CVSS, 0.00061 EPSS
Exploits: 0, References: 4
CVE
added 2025/09/10 9:32 p.m., 9 views

CVE-2025-10218

CVE-2025-10218 affects lostvip-com ruoyi-go 2.1, specifically the SelectListPage function in modules/system/dao/SysRoleDao.go. The vulnerability arises from manipulation of the sortName argument, enabling SQL injection with remote exploitation reported as possible. Exploitation code has been publ...

9.8 CVSS, 6.2 AI score, 0.00061 EPSS
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2025/09/10 12:0 a.m., 2 views

PT-2025-37101

Name of the Vulnerable Software and Affected Versions: ruoyi-go version 2.1 Description: A flaw exists in the SelectListPage function within the SysRoleDao.go file of the Background Management Page component. Manipulation of the sortName argument can lead to SQL injection. Remote exploitation is...

6.5 CVSS, 6.4 AI score, 0.00061 EPSS
Exploits: 0, References: 7