4441 matches found
CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2200 heyewei JFinalCMS API Endpoint save cross site scripting
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2200 heyewei JFinalCMS API Endpoint save cross site scripting
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2200
CVE-2026-2200 affects heyewei JFinalCMS 5.0.0. The weakness is in the API endpoint file /admin/admin/save; input manipulation can cause cross-site scripting. Exploitation is possible remotely and public exploits exist. The provided sources do not specify a remediation or patch version.
PT-2026-7044
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
JFinalCMS 代码注入漏洞
JFinalCMS is a content management system developed by heyewei’s individual developers. Version JFinalCMS 5.0.0 has a code injection vulnerability. This vulnerability stems from incorrect operations with the component API endpoints related to files and the ‘admin/admin/save’ endpoint, which may le...
CVE-2026-2160
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
CVE-2026-2160
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
CVE-2026-2160 SourceCodester Simple Responsive Tourism Website Master.php cross site scripting
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
CVE-2026-2160
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
CVE-2026-2160 SourceCodester Simple Responsive Tourism Website Master.php cross site scripting
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
CVE-2026-2075
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...
SourceCodester Simple Responsive Tourism Website 代码注入漏洞
SourceCodester Simple Responsive Tourism Website is an open-source tourism website developed by SourceCodester. Version 1.0 of SourceCodester Simple Responsive Tourism Website has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Title” in the...
PT-2026-6991
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website that allows for cross site scripting. This issue is triggered through manipulation of the Title argument...
CVE-2026-2075
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...
CVE-2026-2075 yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...
EUVD-2026-5748
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...