13 matches found
PT-2026-36014
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save menu of the file /admin/ajax.php?action=save menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may b...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
WordPress Redirects plugin <= 1.2.1 - Missing Authorization via save vulnerability
Missing Authorization via save vulnerability discovered by Francesco Carlucci in WordPress Plugin Redirects versions <= 1.2.1...
CVE-2025-65602
A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request...
EUVD-2025-38262
AstrBot contains a directory traversal vulnerability...
PT-2025-39717
Name of the Vulnerable Software and Affected Versions: Trust Reviews plugin for WordPress versions prior to 1.0. Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is due to missing or incorrect nonce validation in the feed save function. An unauthenticated attacker ca...
CVE-2025-9101 zhenfeng13 My-Blog Tag save cross site scripting
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
Code-Projects Online Restaurant Management System Security Vulnerability
Code-Projects Online Restaurant Management System is a Code-Projects open source online restaurant management system. A security vulnerability exists in Code-Projects Online Restaurant Management System version 1.0, which stems from the mishandling of the parameter last in the /admin/membersave.p...
The vulnerability of the automation_tree_rules_form_save() function in the Cacti network monitoring software allows an attacker to perform XSS attacks.
The vulnerability of the automation_tree_rules_form_save function in the Cacti network monitoring software automationtreerules.php is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...
JFinalCMS Security Vulnerability
JFinalCMS is a content management system by heyewei personal developer. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/slide/save component...
CVE-2023-49378
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save...
SUSE CVE-2016-5166
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...
CVE-2020-19199
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code...