
Github Security Blog, added 2025/11/20 3:30 p.m.

phppgadmin contains a SQL injection vulnerability

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...

CVSS 6.5 | AI score 8.3 | EPSS 0.00029 | Exploits 0 | References 4 | Affected software 1
Cvelist, added 2025/11/20 12:00 a.m.

CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

EPSS 0.00027 | Exploits 0 | References 3
NVD, added 2025/11/19 2:15 p.m.

CVE-2024-8528

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of a malicious payload due to a specific GET parameter not being sanitized...

CVSS 5.4 | EPSS 0.00029 | Exploits 0 | References 1
Vulnrichment, added 2025/11/18 12:00 a.m.

CVE-2025-63229

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's...

AI score 6 | EPSS 0.00041 | Exploits 1 | References 2
Positive Technologies, added 2025/11/18 12:00 a.m.

PT-2025-47411

Name of the vulnerable software and affected versions: Mozart FM Transmitter version WEBMOZZI-00287. Description: The Mozart FM Transmitter web management interface is susceptible to a reflected Cross-Site Scripting (XSS) issue. An attacker can inject a malicious JavaScript payload into the ?m= query...

CVSS 5.4 | AI score 6.2 | EPSS 0.00041 | Exploits 1 | References 8
Positive Technologies, added 2025/11/16 12:00 a.m.

PT-2025-47075

Name of the vulnerable software and affected versions: Code-Projects Student Information System version 2.0. Description: A flaw exists in Code-Projects Student Information System 2.0 related to SQL injection. The issue is located in the /searchquery.php file, where manipulation of the s argument ca...

CVSS 9.8 | AI score 7.4 | EPSS 0.00028 | Exploits 1 | References 13
Packet Storm, added 2025/11/10 12:00 a.m.

moew.government.bg Cross Site Scripting

moew.government.bg suffers from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or whether it is custom; however, the researcher has not received a response from the administrators for a year and they have not addressed the issue, putting their users at risk, so...

AI score 6.6 | Exploits 0
EUVD, added 2025/11/07 12:00 a.m.

EUVD-2025-38306

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /searchresults endpoint via the q parameter...

AI score 5.7 | EPSS 0.00041 | Exploits 1 | References 2
Positive Technologies, added 2025/11/07 12:00 a.m.

PT-2025-45503

Name of the vulnerable software and affected versions: TechStore version 1.0. Description: TechStore version 1.0 is susceptible to Cross Site Scripting (XSS). The issue occurs in the /search results API endpoint through the q parameter. An attacker could potentially inject malicious scripts into the w...

AI score 6.2 | EPSS 0.00041 | Exploits 1 | References 5
GithubExploit, added 2025/10/28 8:07 a.m.

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j2-BugMaker CVE-2021-44228 Log4Shell Vulnerability Dem...

CVSS 10 | AI score 7.8 | EPSS 0.94358 | Exploits 341
Vulnrichment, added 2025/10/27 11:02 a.m.

CVE-2025-12267 abhicodebox ModernShop search cross site scripting

A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Manipulation of the argument q can lead to cross-site scripting. The attack may be performed remotely. The exploit has been published and may be used...

CVSS 5.3 | AI score 3.7 | EPSS 0.0003 | Exploits 1 | References 4
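Several entries above (TechStore via q, ModernShop via q, Mozart FM Transmitter via m) share the same shape: a search or view page reflects a query-string parameter straight into the HTML it returns. The following is an added example, not code from any of those products, showing the pattern with a constructed search page: the raw reflection in two output contexts (element text and a quoted attribute), the same page with the parameter HTML-encoded, and the check a tester runs to confirm whether a marker string comes back unencoded. The URLs, parameter name and markup are illustrative assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request URLs for a hypothetical shop search page that reflects ?q=.
BENIGN_URL = "https://shop.example/search?q=laptop"
BODY_XSS_URL = "https://shop.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E"
# Attribute-context payload: closes value="..." and adds an event handler
ATTR_XSS_URL = "https://shop.example/search?q=%22%20autofocus%20onfocus%3D%22alert(1)"


def get_query_param(url, name):
    """Return the first decoded value of a query-string parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_unsafe(q):
    # Reflects the raw parameter into a quoted attribute and into element text.
    return f'<input name="q" value="{q}"><h2>Results for {q}</h2>'


def render_safe(q):
    # html.escape with quote=True encodes < > & " and ', so the same string is
    # inert both as element text and inside a double-quoted attribute value.
    safe = html.escape(q, quote=True)
    return f'<input name="q" value="{safe}"><h2>Results for {safe}</h2>'


def handle(url, renderer):
    """Simulate one request: pull q from the URL and render the page with the given renderer."""
    return renderer(get_query_param(url, "q"))


def reflected_unencoded(url, renderer):
    """Tester's check: does the parameter value appear verbatim in the response?"""
    q = get_query_param(url, "q")
    return q in handle(url, renderer)


if __name__ == "__main__":
    for url in (BENIGN_URL, BODY_XSS_URL, ATTR_XSS_URL):
        print(url)
        print("  unsafe:", handle(url, render_unsafe))
        print("  safe:  ", handle(url, render_safe))
```

The attribute case is the one that slips past naive fixes: escaping only `<` and `>` leaves the `"` that breaks out of `value="..."`, so the encoder must cover quotes as well, and the reflected value should still be placed only inside quoted attributes.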
CVE, added 2025/10/17 8:02 p.m.

CVE-2025-11912

CVE-2025-11912 affects Shenzhen Ruiming Technology's Streamax Crocus v1.3.40. The vulnerability resides in the Query function of /DeviceState.do (Action=Query), where manipulating the orderField parameter enables SQL injection. It can be triggered remotely, and published exploits exist. Multiple ...

CVSS 8.8 | AI score 6.5 | EPSS 0.00044 | Exploits 1 | References 4 | Affected software 1
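An orderField-style parameter is a classic injection point because ORDER BY cannot take a bound placeholder: the column name has to be spliced into the SQL text, so parameterization alone does not help. The example below is added here and is not Crocus code; it uses a constructed SQLite database with illustrative table and column names. It shows a sort endpoint that interpolates the field directly, a boolean-based payload that leaks a value character by character purely through the row order returned, and the allow-list check that closes the hole.

```python
import sqlite3
import string

# Hypothetical allow-list of sortable columns; the real product's schema is not known here.
ALLOWED_ORDER_FIELDS = {"id", "name", "status"}


def make_db():
    """Constructed in-memory database standing in for a device-state table plus a secret."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE devices (id INTEGER, name TEXT, status TEXT);
        INSERT INTO devices VALUES (1, 'cam-b', 'online'), (2, 'cam-a', 'offline');
        CREATE TABLE admins (username TEXT, secret TEXT);
        INSERT INTO admins VALUES ('root', 's3cret');
    """)
    return conn


def query_devices_unsafe(conn, order_field):
    # ORDER BY cannot be bound as a parameter, so the caller's string is spliced in as-is.
    return conn.execute(f"SELECT id, name FROM devices ORDER BY {order_field}").fetchall()


def query_devices_safe(conn, order_field):
    # Same interpolation, but only after the value matched a fixed set of column names.
    if order_field not in ALLOWED_ORDER_FIELDS:
        raise ValueError(f"unsupported orderField: {order_field!r}")
    return conn.execute(f"SELECT id, name FROM devices ORDER BY {order_field}").fetchall()


def oracle_payload(prefix):
    # Boolean-based payload: sort by name when the guess is right, by id otherwise.
    # The two orderings differ, so the response reveals the truth of the condition.
    return (f"CASE WHEN (SELECT secret FROM admins LIMIT 1) LIKE '{prefix}%' "
            f"THEN name ELSE id END")


def infer_first_char(conn):
    """Recover the first character of the secret from row order alone (no error messages needed)."""
    baseline = query_devices_unsafe(conn, "id")
    for ch in string.ascii_lowercase + string.digits:
        if query_devices_unsafe(conn, oracle_payload(ch)) != baseline:
            return ch
    return None


if __name__ == "__main__":
    db = make_db()
    print("unsafe sort by name:", query_devices_unsafe(db, "name"))
    print("leaked first char of secret:", infer_first_char(db))
    try:
        query_devices_safe(db, oracle_payload("s"))
    except ValueError as exc:
        print("safe endpoint rejected payload:", exc)
```

The allow-list approach generalizes: map the request value to a column name the server owns (a dict lookup works as well as a set), and treat anything not in the map as a 400, never as a string to sanitize.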
Github Security Blog, added 2025/10/17 5:39 p.m.

Keycloak error_description injection on error pages that can trigger phishing attacks

Keycloak's account console accepts arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages e.g., fake support phone numbers or...

CVSS 4.3 | AI score 6.9 | EPSS 0.00065 | Exploits 0 | References 8 | Affected software 2
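The Keycloak entry makes a point that is easy to miss: output encoding defeats script injection but does nothing about attacker-chosen text, which is all a phishing lure needs. The following added example (not Keycloak's code; the error codes and messages are hypothetical) contrasts an error page that encodes and displays whatever the URL carried with one that accepts only a known error code and maps it to server-owned text.

```python
import html

# Hypothetical allow-list: short codes a URL may carry, mapped to fixed server-side text.
ERROR_MESSAGES = {
    "invalid_request": "The request was malformed.",
    "access_denied": "You are not allowed to access this resource.",
    "session_expired": "Your session has expired. Please sign in again.",
}
DEFAULT_MESSAGE = "An unexpected error occurred."

# Constructed attacker-supplied values for an error_description-style parameter.
SCRIPT_PAYLOAD = "<script>alert(1)</script>"
PHISH_PAYLOAD = "Your account is locked. Call support at 555-0100 to restore access."


def render_error_unsafe(error_description):
    # Encoding stops markup from executing, but the text itself is shown verbatim,
    # so a misleading message planted in the URL reaches the user untouched.
    return f'<p class="error">{html.escape(error_description, quote=True)}</p>'


def render_error_safe(error_code):
    # Only a known code is honoured; the displayed wording never comes from the request.
    message = ERROR_MESSAGES.get(error_code, DEFAULT_MESSAGE)
    return f'<p class="error">{html.escape(message, quote=True)}</p>'


def request_text_reaches_user(renderer, value):
    """Check: does any part of the request-controlled value survive into the page?"""
    return value in renderer(value)


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, PHISH_PAYLOAD, "access_denied"):
        print("unsafe:", render_error_unsafe(payload))
        print("safe:  ", render_error_safe(payload))
```

Where a free-text description genuinely must be shown (for instance, an OAuth error_description relayed from an upstream provider), the same idea applies in weaker form: accept it only from an authenticated server-to-server channel or a signed parameter, never straight from the browser's query string.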
EUVD, added 2025/10/15 7:23 a.m.

EUVD-2025-34530

The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'taxquery' parameter in all versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 7.5 | AI score 6.3 | EPSS 0.001 | Exploits 0 | References 3
NVD, added 2025/10/09 9:15 p.m.

CVE-2025-35052

Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

CVSS 6.3 | EPSS 0.00048 | Exploits 0 | References 2
OSV, added 2025/10/08 5:15 a.m.

CVE-2025-11433

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Manipulation of the argument ID results in cross-site scripting. It i...

CVSS 6.1 | AI score 4.3 | EPSS 0.00029 | Exploits 1 | References 5
Vulnrichment, added 2025/10/08 5:02 a.m.

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Manipulation of the argument ID results in cross-site scripting. It i...

CVSS 5.1 | AI score 3.6 | EPSS 0.00029 | Exploits 1 | References 5
CVE, added 2025/10/08 5:02 a.m.

CVE-2025-11433

CVE-2025-11433 affects the open-source itsourcecode Leave Management System v1.0. The vulnerability resides in the Redirect/Query Parameter Handler within the file /module/employee/controller.php?action=reset, where manipulation of the argument ID enables reflected cross-site scripting (XSS). Att...

CVSS 6.1 | AI score 3.6 | EPSS 0.00029 | Exploits 1 | References 5 | Affected software 1
Positive Technologies, added 2025/10/08 12:00 a.m.

PT-2025-41225

Name of the vulnerable software and affected versions: itsourcecode Leave Management System version 1.0. Description: A security flaw exists in itsourcecode Leave Management System 1.0. The issue impacts the redirect function within the /module/employee/controller.php?action=reset file, specifically...

CVSS 6.1 | AI score 3.3 | EPSS 0.00029 | Exploits 1 | References 10
EUVD, added 2025/10/07 12:30 a.m.

EUVD-2012-1805

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01126 | Exploits 1 | References 5