37 matches found
Placeto CMS SQL Injection Vulnerability
Placeto CMS is a content management system developed by Blaher. Version 4 of Placeto CMS has a SQL injection vulnerability. This vulnerability stems from the page parameters having SQL injection vulnerabilities, which may allow authenticated attackers to manipulate database queries...
D-Link DIR-513 Security Vulnerability
The D-Link DIR-513 is a wireless router product from the D-Link company. The D-Link DIR-513 v1.10 version has a security vulnerability, which stems from a stack buffer overflow in the webPage parameters of the goform/formWlanSetup module...
CVE-2026-0812 LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page
The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2021-28672
Xerox Phaser 6510 before 64.65.51 and 64.59.11 Bridge, WorkCentre 6515 before 65.65.51 and 65.59.11 Bridge, VersaLink B400 before 37.65.51 and 37.59.01 Bridge, B405 before 38.65.51 and 38.59.01 Bridge, B600/B610 before 32.65.51 and 32.59.01 Bridge, B605/B615 before 33.65.51 and 33.59.01 Bridge,...
EUVD-2005-3848
Malware in sbrugna...
EUVD-2014-0412
Malware in sbrugna...
CVE-2021-24764
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...
CVE-2017-17829
Bus Booking Script has SQL Injection via the admin/viewseatseller.php spid parameter or the admin/viewmember.php memid parameter...
CVE-2025-29426
Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters...
CVE-2025-1871 SQL injection vulnerability in 101news
A SQL injection vulnerability has been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php...
Kashipara Bus Ticket Reservation System Security Vulnerability
Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Name, Phone, and Email...
WordPress plugin Product Enquiry for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
Task Reminder System Cross-Site Scripting Vulnerability
Task Reminder System is a task reminder system by Carlo Montero Personal Developer. A security vulnerability exists in version 1.0 of the Sourcecodester Task Reminder System, which stems from the presence of a Reflective Cross-Site Scripting (XSS) vulnerability that could allow an authenticated use...
SUSE CVE-2012-0791
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename parameters to the compose page; (4) formname parameter to the...
Hospital Management System SQL Injection Vulnerability
Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A SQL injection vulnerability exists in Hospital Management System. An attacker could exploit this vulnerability to execute arbitrary...
Online Medicine Ordering System Security Vulnerability
Online Medicine Ordering System is an online medicine ordering system developed by Carlo Montero. A security vulnerability exists in version 1.0 of the Online Medicine Ordering System due to an unknown function in its /omos/admin/?page=user/list file that operates on the parameters First...
CVE-2022-2537
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in attributes of an admin page, leading to Reflected Cross-Site Scripting...
WordPress plugin Fast Flow Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of WordPress Fast Flow plugin prior to 1.2.12, which...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Event Espresso Core plugin has a security vulnerability, version 4.10.6.p and below allows...
Xuchang Yongcheng Network Technology Co., Ltd. website building system pi*** page fl*** parameters exist SQL injection vulnerability
Xuchang Yongcheng Network Technology Co., Ltd. is a company dedicated to Internet development, micro letter application development, enterprise Internet promotion. Xuchang Yongcheng Network Technology Co., Ltd. building system pi page fl parameters exist SQL injection vulnerability, attackers can...