WordPress Google Analyticator Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in Google Analyticator WordPress plugin versions prior to 6.4.9.6. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
Microweber 1.0.8 Reflected Cross Site Scripting
A reflected cross site scripting vulnerability exists in Microweber CMS version 1.0.8. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
PT-2026-5614
A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Manipulation of the argument keyword leads to SQL injection. The attack can be executed remotely. The exploit is...
EUVD-2021-34753
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47918
CVE-2021-47918 concerns Simple CMS 2.1 with a remote SQL injection in the users module. The vulnerability arises from unvalidated input in the admin.php handler, allowing an attacker with privileges to inject arbitrary SQL commands, potentially compromising both the database management system and...
EUVD-2021-34756
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47856 Easy Cart Shopping Cart 2021 Cross-Site Scripting via Search Parameter
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...
PT-2026-5561
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2026-1701 itsourcecode School Management System index.php SQL injection
A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
EUVD-2026-5021
A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-1687
CVE-2026-1687 concerns Tenda HG10 devices with Boa Webserver, where an issue in the /boaform/formSamba handler allows remote command injection by manipulating the serverString argument. The vulnerability affects the Boa Webserver component and could enable an attacker to execute arbitrary command...
CVE-2026-1595
A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editstudentquery.php. The manipulation of the argument studentid results in SQL injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-1589
The CVE-2026-1589 entry affects itsourcecode School Management System 1.0. A SQL injection vulnerability exists in the /ramonsys/inquiry/index.php file, triggered by manipulating the txtsearch argument. This can be exploited remotely and has public disclosure. Affects an unknown function within t...
PT-2026-5299
A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add expenses.php. The manipulation of the argument detail leads to SQL injection. Remote exploitation of the attack is possible. The...
CVE-2026-1533
A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in SQL injection. The attack may be performed remotely. The exploit has been released to the...
CVE-2026-1449
A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function PageLoad of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to SQL injection. It is possible to launch the attack...
CVE-2026-1327
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...