CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

EUVD-2026-33653

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

CVE-2026-42762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

EUVD-2026-32189

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

WordPress plugin VikBooking Hotel Booking Engine & PMS 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2026-19774

ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting XSS vulnerability exists in ChurchCRM within the Person Property Management subsystem. This issue persists in versions patched for CVE-2023-38766 and allows an authenticated user to inject arbitrar...

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the properties API endpoint. An attacker can access and retrieve the complete list of configurable metadata definitions by sending requests as an authenticated backend user without explicit...

CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

CVE-2025-1171

A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address leads to cross site scripting. The attack can...

CVE-2025-1379

A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection. The attack can be...

CVE-2025-1195

A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may b...

CVE-2025-1196

A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to launch the attack...

CVE-2025-1170

A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. It is possible to launch the attack remotely...

CVE-2025-1576

A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajaxstate.php. The manipulation of the argument StateName as part of String leads to sql injection. The attack can ...

CVE-2025-49918

Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.2...

WordPress plugin VikBooking Hotel Booking Engine & PMS 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin VikBooking Hotel Booking...

CVE-2025-5803

Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.2...

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.2...

EUVD-2025-38146

Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.2...

PT-2025-45239

Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.2...