Lucene search
+L

1048 matches found

Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.51 views

PT-2026-1014

Name of the Vulnerable Software and Affected Versions code-projects Online Guitar Store version 1.0 Description A SQL injection issue exists in code-projects Online Guitar Store version 1.0. The issue is located in an unknown function within the /admin/Create product.php file. Manipulating the dr...

9.8CVSS7.2AI score0.00329EPSS
Exploits1References12
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Bold Timeline Lite plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Parameter in 'boldtimelinegroup' Shortcode vulnerability discovered by zaim in WordPress Plugin Bold Timeline Lite versions = 1.2.7...

6.4CVSS5.9AI score0.00245EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/12/27 2:15 p.m.8 views

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

9.8CVSS6.4AI score0.13992EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/12/27 12:0 a.m.8 views

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

10CVSS7.8AI score0.13992EPSS
Exploits2References2
NVD
NVD
added 2025/12/13 4:16 p.m.7 views

CVE-2025-14278

The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidetitle' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping in JavaScript. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00195EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 5:12 a.m.12 views

SQL Injection

jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the title parameter in the /sys/dict/loadTreeData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

9.8CVSS7.3AI score0.72043EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.6 views

CVE-2025-14032

The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'boldtimelinegroup' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 3:20 a.m.21 views

CVE-2025-14032

CVE-2025-14032 affects Bold Timeline Lite (WordPress) up to version 1.2.7, exposing a Stored Cross‑Site Scripting (Stored XSS) via the title parameter in the bold_timeline_group shortcode. The issue stems from insufficient input sanitization and output escaping, enabling authenticated attackers w...

6.4CVSS4.8AI score0.00245EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.3 views

CVE-2025-14032 Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode

The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'boldtimelinegroup' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.8AI score0.00245EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.5 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS6.3AI score0.00494EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.14 views

PT-2025-50844

The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold timeline group' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.1AI score0.00245EPSS
Exploits0References5
OSV
OSV
added 2025/12/11 6:16 p.m.8 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS5.8AI score0.00494EPSS
Exploits1References2
NVD
NVD
added 2025/12/11 6:16 p.m.16 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS0.00494EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.34 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

0.00494EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.6 views

Edoc-doctor-appointment-system 安全漏洞

Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version 1.0.1, which stems from an unfiltered title parameter in admin/add-session.php, which could lead to a cross-site...

8.8CVSS6.1AI score0.00494EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/11 12:0 a.m.5 views

EUVD-2025-202753

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS5.7AI score0.00494EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.3 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

5.8AI score0.00494EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50648

Name of the Vulnerable Software and Affected Versions edoc-doctor-appointment-system version 1.0.1 Description The edoc-doctor-appointment-system software is affected by a Cross Site Scripting XSS issue. This issue occurs in the 'admin/add-session.php' component through the title parameter...

8.8CVSS6.2AI score0.00494EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/03 12:26 a.m.9 views

CVE-2025-65877

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...

7.5CVSS7.9AI score0.00261EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/02 9:31 p.m.6 views

EUVD-2025-200301

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...

6.5CVSS7.3AI score0.00261EPSS
Exploits1References2
Rows per page
Query Builder