
12 matches found

RedhatCVE
added 2026/01/29 3:18 p.m. · 4 views

CVE-2026-1398

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

CVSS 4.3 · AI score 5.8 · EPSS 0.00028
Exploits: 0 · References: 1

CNNVD
added 2025/11/09 12:0 a.m. · 2 views

Sangfor Operation and Maintenance Security Command Injection Vulnerability

Sangfor Operation and Maintenance Security is an operation and maintenance security management system from China's Sangfor. A command injection vulnerability exists in Sangfor Operation and Maintenance Security version 3.0, which stems from an incorrect manipulation of the parameter loginUrl in t...

CVSS 9.8 · AI score 6.8 · EPSS 0.00285
Exploits: 1 · References: 5

RedhatCVE
added 2025/10/11 11:20 a.m. · 3 views

CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

CVSS 5.4 · AI score 6.9 · EPSS 0.00068
Exploits: 0 · References: 1

NVD
added 2025/10/10 11:15 a.m. · 3 views

CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

CVSS 5.4 · EPSS 0.00068
Exploits: 0 · References: 2

Vulnrichment
added 2025/10/10 11:3 a.m. · 3 views

CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

AI score 6.6 · EPSS 0.00068
Exploits: 0 · References: 1

CVE
added 2025/10/10 11:3 a.m. · 8 views

CVE-2025-11189

CVE-2025-11189 affects the Kiwire Captive Portal. The vulnerability is a reflected cross-site scripting (XSS) flaw in the login-url parameter, enabling JavaScript execution. Documented across multiple feeds (NVD, Red Hat, EUVD/ENISA, CVE lists), with CVSSv3.1 base score 7.3 (HIGH), attack vector ...

CVSS 7.3 · AI score 5.6 · EPSS 0.00119
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/10/02 12:0 a.m. · 3 views

PT-2025-40385

Name of the Vulnerable Software and Affected Versions: AndSoft e-TMS version 25.03 Description: A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a user's browser. This is achieved by sending a malicious URL to a victim. The vulnerability is reflected through...

CVSS 6.1 · AI score 6.2 · EPSS 0.00027
Exploits: 0 · References: 4

CNNVD
added 2024/04/15 12:0 a.m. · 5 views

WordPress Plugin Change default login logo,url and title Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Change default login...

CVSS 7.1 · AI score 8.2 · EPSS 0.00089
Exploits: 0 · References: 2

Positive Technologies
added 2022/11/23 12:0 a.m. · 3 views

PT-2022-27457 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.6.0 Description: A cross-site scripting XSS issue exists in the Url parameter of the "/login.php" API endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For EyouCMS...

CVSS 5.4 · AI score 5.3 · EPSS 0.00209
Exploits: 1 · References: 4

myhack58
added 2011/09/08 12:0 a.m. · 15 views

aspcms Station system injection 0day-vulnerability warning-the black bar safety net

aspcms development of the new core open source enterprise built Station system, capable of enterprise a variety of site requirements, and Support template customization, support, extensions, etc., can be completed in a short time the enterprise built Station. Vulnerability file: /plug/productbuy...

AI score 0.4
Exploits: 0

myhack58
added 2011/05/13 12:0 a.m. · 24 views

st-shop Mall system v1.0 can be injection-vulnerability warning-the black bar safety net

st-shop is a simple, easy to modify, free web-shop system. Function Description: 1. Supports up to Level 3 commodity classification 2. Support picture upload 3. Members of the management 4. Shopping cart system Admin login address: adminlogin.asp The initial user name and password: admin/8 8 8 8...

AI score 0.1
Exploits: 0

myhack58
added 2011/01/21 12:0 a.m. · 9 views

micecms a "tasteless" vulnerability and the Fix attached to the EXP-bug warning-the black bar safety net

Not to say this loophole. what are the requirements but directly change the administrator password such as you into the background after the real administrator are not more don't know the new password is what, so only tasteless Classic white look at the code!.......... index\setpwdAction.php The...

AI score 7.3
Exploits: 0