Astra Linux - уязвимость в mbedtls

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...

PT-2026-33401

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip search', 'startdate', 'enddate', 'username search', and 'useremail search' parameters in all versions up to, and including, 1.15.40. This is due to the WDW FM Library::validate data method calling stripslashes...

Web Wiz Forums SQL注入漏洞

Web Wiz Forums is a community forum system developed by the British company Web Wiz. Version 12.01 of Web Wiz Forums contains a SQL injection vulnerability. This vulnerability stems from SQL injection in the PF parameters, which could allow unverified attackers to manipulate database queries...

PT-2026-8239

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in / db/ system/ admin/aardvark/index.html to execute JavaScrip...

CVE-2025-15283

CVE-2025-15283 refers to the WordPress plugin Name Directory (versions up to 1.30.3) with a stored cross-site scripting (XSS) flaw in the name_directory_name and name_directory_description parameters. Public sources (Wordfence Intelligence) document unauthenticated exploitation and a high-severit...

CVE-2005-1443

Multiple cross-site scripting XSS vulnerabilities in index.php for Invision Power Board IPB 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the 1 act, 2 Members, 3 calendar, or 4 HID parameters...

EUVD-2008-5605

Malware in sbrugna...

EUVD-2006-1710

Malware in sbrugna...

EUVD-2005-1785

Malware in sbrugna...

EUVD-2012-4527

Malware in sbrugna...

EUVD-2022-3656

Malicious code in bioql PyPI...

EUVD-2022-44670

Malicious code in bioql PyPI...

EUVD-2023-52867

Malicious code in bioql PyPI...

CVE-2024-42788

A Stored Cross Site Scripting XSS vulnerability was found in "/music/ajax.php?action=savemusic" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields...

CVE-2024-50830

A SQL Injection vulnerability was found in /admin/calendarofevents.php in kashipara E-learning Management System Project 1.0 via the datestart, dateend, and title parameters...

CVE-2023-51295

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...

CVE-2025-29431

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting XSS in /pages/department.php via the id, code, and name parameters...

CVE-2025-28015

A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters...

CVE-2023-51303

PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...

CVE-2023-51299

PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...