MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-45542 info: name: MooSocial 3.1.8 - Cross-Site Scripting author...

CVE-2026-56790 CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

HCL Digital Experience Compose 安全漏洞

HCL Digital Experience Compose is an enterprise-level content creation and digital experience management platform developed by the Indian company HCL. HCL Digital Experience Compose has a security vulnerability, which stems from a reflection-type cross-site scripting issue in the search center...

EUVD-2026-33473

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVE-2026-10153 westboy CicadasCMS AbstractCacheManager.java search cross site scripting

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVE-2026-10153

CVE-2026-10153 affects westboy CicadasCMS; the issue resides in the Search function of org/springframework/cache/support/AbstractCacheManager.java, where manipulation of the argument s enables cross-site scripting. Exploitation is remote and the exploit has been published. The project uses a roll...

PT-2026-45138

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

Giskard 安全漏洞

Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the direct passing of user-provided regular expressions to the re.search...

VPN Browser+ 安全漏洞

VPN Browser+ is a mobile browser application developed by VPN Browser Company, featuring integrated virtual private network capabilities. Version 1.1.0.0 of VPN Browser+ contains a security vulnerability. This vulnerability stems from the search function’s improper handling of extremely large...

FastTube 安全漏洞

FastTube is a third-party client provided by FastTube Corporation for watching YouTube videos. Version 1.0.1.0 of FastTube contains a security vulnerability. This vulnerability stems from the search function’s improper handling of overly long strings, which may allow local attackers to cause the...

VSCO 安全漏洞

VSCO is a photo and video editor developed by the VSCO company. Version VSCO 1.1.1.0 contains a security vulnerability. This vulnerability arises from the search function’s improper handling of overly long strings, which may allow local attackers to cause the application to crash by submitting...

SIMPLE.ERP SQL注入漏洞

SIMPLE.ERP is an e-commerce platform provided by the SIMPLE company. Versions of SIMPLE.ERP prior to [email protected] contained a SQL injection vulnerability. This vulnerability stemmed from the lack of input validation in the search function, which could lead to SQL injection attacks...

elearning-script SQL injection vulnerability

elearning-script is an e-learning blog developed by Amit Kollol Dey. Version 0.1.0 of elearning-script has a SQL injection vulnerability. This vulnerability arises from the lack of validation for user input in the search function, which may lead to SQL injection attacks...

LavaLite cross-site scripting vulnerabilities

LavaLite is a lightweight content management system developed under the Lavalite open source project. Versions of LavaLite 10.1.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improperly encoded HTML or JavaScript stored in the package creation and...

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

CVE-2025-67261

CVE-2025-67261 affects Abacre Retail Point of Sale 14.0.0.396. The issue is a content-based blind SQL injection in the Orders page > Search function. Technical evidence shows exploit payloads attempting to infer database structure (e.g., existence of Client table via EXISTS(SELECT 1 FROM Clien...

Hikvision NVR/DVR Devices 安全漏洞

Hikvision NVR/DVR Devices are a series of network cameras from Hikvision, a Chinese company. A security vulnerability exists in Hikvision NVR/DVR Devices that stems from a stack overflow in the device's search and discovery function, which could allow an attacker on the same LAN to cause the devi...