CVE-2026-3001 Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

CVE-2026-3001

The CWE: CVE-2026-3001 affects the Gutenverse WordPress plugin, up to version 3.4.6. The vulnerability is a Reflected Cross-Site Scripting (XSS) in the search title block: render_content() echoes get_query_var('s') directly into HTML without escaping, enabling an attacker to craft a URL that inje...

CVE-2026-3001

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

EUVD-2026-32114

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the rendercontent method in class-search-result-title.php outputs the val...

CVE-2026-9607

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

CVE-2026-7619

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

EUVD-2026-29900

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

PT-2026-40564

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2025-50668

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /weblistopt.asp endpoint...

CVE-2025-50645

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoelistopt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow...

EUVD-2025-209358

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /weblistopt.asp endpoint...

EUVD-2025-209323

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoelistopt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow...

CVE-2025-50668

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /weblistopt.asp endpoint...

D-Link DI-8003 安全漏洞

The D-Link DI-8003 is a wireless router produced by D-Link Corporation. The D-Link DI-8003 version 16.07.26A1 has a security vulnerability. This vulnerability stems from improper handling of the s parameter in the /weblistopt.asp endpoint, which may lead to a buffer overflow...

CVE-2025-50668

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /weblistopt.asp endpoint...

PT-2026-31371

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe list opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow...

PT-2026-31400

Name of the Vulnerable Software and Affected Versions D-Link DI-8003 version 16.07.26A1 Description A buffer overflow exists due to improper handling of the s parameter in the '/web list opt.asp' API endpoint. Recommendations At the moment, there is no information about a newer version that...

CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

CVE-2019-25575

CVE-2019-25575 affects SimplePress CMS 1.0.7. The vulnerability is an SQL injection in the web app that permits unauthenticated attackers to craft GET requests via the p and s parameters to execute arbitrary SQL. Impact per sources includes extraction of sensitive data such as usernames, database...

CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...