12 matches found
CVE-2025-40644 Reflected Cross-Site Scripting (XSS) in QRGen's Riftzilla
Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...
EUVD-2016-2665
Malware in sbrugna...
UBUNTU-CVE-2024-47682
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in sd_read_block_characteristics(). If the device returns page 0xb1 with length 8 (happens with qemu v2.x, for example), sd_read_block_characteristics() may attempt an out-of-bounds memory access when accessing...
Online Railway Reservation System Access Control Error Vulnerability
Online Railway Reservation System is an online railroad reservation system by adminastro individual developers. An access control error vulnerability exists in SourceCodester Online Railway Reservation System version 1.0, which stems from an improper access control issue contained in the id...
PT-2024-25204 · Lumisxp · Lumisxp
Name of the Vulnerable Software and Affected Versions: Lumisxp versions 15.0.x through 16.1.x Description: A cross-site scripting (XSS) issue in the main.jsp component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter. Recommendations...
OroPlatform Security Vulnerability
OroPlatform is a PHP Business Application Platform (BAP) designed to make the development of custom business applications easier and faster. A security vulnerability exists in OroPlatform that originates from allowing logged-in users to access page state data from other users' fixed pages via pageI...
WordPress plugin WooCommerce PDF Invoice Builder SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up a personal blog site on a PHP and MySQL server. WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF Invoi...
PT-2023-25693 · WordPress · Woocommerce Pdf Invoice Builder
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder plugin for WordPress versions up to, and including, 1.2.89 Description: The issue arises from insufficient escaping on the user-supplied pageId parameter and lack of sufficient preparation on the existing SQL...
PT-2022-16164 · Wiki.Js · Wiki.Js
Name of the Vulnerable Software and Affected Versions: Wiki.js affected versions not specified Description: The issue affects Wiki.js, a wiki app built on Node.js, where an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths. This is...
ShowDoc Information Disclosure Vulnerability
ShowDoc is an online document sharing tool. A security vulnerability exists in ShowDoc version 2.4.1. The vulnerability can be exploited by a remote attacker to obtain sensitive information via the modified 'pageid' parameter...
PT-2016-3514 · Ibm · Ibm Tivoli Netview Access Services
Name of the Vulnerable Software and Affected Versions: IBM Tivoli NetView Access Services (NVAS) affected versions not specified Description: The issue allows remote authenticated users to gain privileges by entering the ADM command and modifying a page ID field to the EMSPG2 transaction code. It i...
PT-2006-6584 · Omnistar · Omnistar Article Manager
Name of the Vulnerable Software and Affected Versions: OmniStar Article Manager affected versions not specified Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is possible via the article id parameter in...