Lucene search
K

1041 matches found

Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6860

Summary A Path Traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the old title parameter in the wiki editing form. Vulnerability...

7.2CVSS5.8AI score0.00654EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6758

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.13.0 through 0.13.3 Description Gogs is a self-hosted Git service. A path traversal issue exists in the updateWikiPage function. An authenticated user with write access to a repository's wiki can...

9.9CVSS5.8AI score0.27661EPSS
Exploits45References115
CVE
CVE
added 2026/02/03 4:52 p.m.11 views

CVE-2020-37110

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows manipulation of database queries via unvalidated input (e.g., the 'title' parameter). Impact includes potential data extraction or modification (confidentiality and integrity). Root cause: unvalida...

9.8CVSS5.2AI score0.00349EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.27 views

CVE-2020-37110 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

8.8CVSS0.00349EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5855

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...

8.8CVSS5.2AI score0.00349EPSS
Exploits1References4
CVE
CVE
added 2026/01/28 12:0 a.m.12 views

CVE-2025-70336

PodcastGenerator 3.2.9 contains a stored XSS vulnerability in the Create New Live Item workflow. Attackers can inject script/HTML via TITLE, SHORT DESCRIPTION, or LONG DESCRIPTION; the payload is executed on the View All Live Items and Live Stream pages. The issue is confirmed across multiple fee...

4.8CVSS5.9AI score0.00176EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.7 views

PT-2026-5119

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparent id parameters to execute arbitrary JavaScript in administrative contexts...

6.4CVSS6AI score0.00249EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/28 12:0 a.m.4 views

CVE-2025-70336

A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...

5.9AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/20 3:27 a.m.11 views

CVE-2026-1135

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

6.1CVSS3.9AI score0.00318EPSS
Exploits1References1
Talos
Talos
added 2026/01/20 12:0 a.m.8 views

MedDream PACS Premium modifyCoercion reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2262 MedDream PACS Premium modifyCoercion reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54861 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyCoercion functionality of MedDream PACS Premiu...

6.1CVSS5.7AI score0.00235EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/19 11:30 a.m.10 views

CVE-2026-1118

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

9.8CVSS5.5AI score0.00323EPSS
Exploits1References1
OSV
OSV
added 2026/01/19 4:15 a.m.4 views

CVE-2026-1135

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

6.1CVSS4.2AI score0.00318EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/19 3:2 a.m.3 views

CVE-2026-1135 itsourcecode Society Management System activity.php cross site scripting

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

5.3CVSS3.9AI score0.00318EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/19 3:2 a.m.4 views

CVE-2026-1135

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

6.1CVSS3.9AI score0.00318EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/01/19 3:2 a.m.23 views

CVE-2026-1135

CVE-2026-1135 affects itsourcecode Society Management System 1.0. The vulnerability is a cross-site scripting flaw in the /admin/activity.php function where modifying the Title parameter enables script injection. Exploitation is possible remotely and public exploits exist. Multiple connected sour...

6.1CVSS5.4AI score0.00318EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/01/19 3:2 a.m.26 views

CVE-2026-1135 itsourcecode Society Management System activity.php cross site scripting

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

5.3CVSS0.00318EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.8 views

PT-2026-3422

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

5.3CVSS5.6AI score0.00318EPSS
Exploits1References5
CNVD
CNVD
added 2026/01/19 12:0 a.m.2 views

Intern Membership Management System /add_activity.php File SQL Injection Vulnerability

Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the Title parameter in the file /intern/admin/addactivity.php for externally entered SQL...

7.2CVSS6AI score0.0033EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.7 views

Itsourcecode Society Management System Code Injection Vulnerability

itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Title” in the file...

6.1CVSS5.7AI score0.00318EPSS
Exploits1References5
OSV
OSV
added 2026/01/18 11:15 a.m.6 views

CVE-2026-1118

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

9.8CVSS5.8AI score0.00323EPSS
Exploits1References5
Rows per page
Query Builder