CVE-2026-27599

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration...

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...

CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

CVE-2025-66845

TechStore 1.0 exposes a reflected XSS in the user_name endpoint: the id query parameter is echoed into HTML without output encoding or sanitization, allowing execution of arbitrary JavaScript in a victim’s browser. Root cause is lack of input encoding on reflection. CVE-2025-66845 is documented a...

CVE-2025-65540

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

linux/x86 execve /bin/sh anti-ids 40 bytes

No description provided by source. / N Shell : shellcodez Arch:x86 Platform:linux Size:40 Description: The shellcode to execute /bin/sh; This shellcode is anti-ids It not containz encoding engine but it not contain standart signatures as: "\xcd\x80" '\bin\sh' Tested on Slackware 10.0 Coded by...