69 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2011-0920

Malware in sbrugna...

CVSS 5.8 · AI score 6.4 · EPSS 0.00224
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24999

Malicious code in bioql PyPI...

CVSS 6.4 · AI score 6.5 · EPSS 0.00057
Exploits: 0 · References: 3

RedhatCVE
added 2025/08/17 8:29 a.m. · 7 views

CVE-2025-8720

The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 · AI score 6 · EPSS 0.00057
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/15 9:29 p.m. · 15 views

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · AI score 7.7 · EPSS 0.75792
Exploits: 0 · References: 1

NVD
added 2025/08/15 9:15 a.m. · 3 views

CVE-2025-8720

The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 · EPSS 0.00057
Exploits: 0 · References: 3

Vulnrichment
added 2025/08/15 8:25 a.m. · 3 views

CVE-2025-8720 Plugin README Parser <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter

The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 · AI score 5.9 · EPSS 0.00057
Exploits: 0 · References: 3

CVE
added 2025/08/15 8:25 a.m. · 19 views

CVE-2025-8720

CVE-2025-8720 (Plugin README Parser) affects WordPress Plugin README Parser versions up to and including 1.3.15. The root cause is insufficient input sanitization and output escaping for the target parameter, enabling a Stored Cross-Site Scripting (XSS) attack. Exploitation requires authenticated...

CVSS 6.4 · AI score 5.9 · EPSS 0.00057
Exploits: 0 · References: 3

Cvelist
added 2025/08/15 8:25 a.m. · 9 views

CVE-2025-8720 Plugin README Parser <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter

The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 · EPSS 0.00057
Exploits: 0 · References: 3

Positive Technologies
added 2025/08/15 12:0 a.m. · 3 views

PT-2025-33466 · WordPress · Plugin Readme Parser

Name of the Vulnerable Software and Affected Versions: Plugin README Parser versions up to and including 1.3.15 Description: The Plugin README Parser plugin for WordPress is susceptible to Stored Cross-Site Scripting via the target parameter due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.7 · EPSS 0.00057
Exploits: 0 · References: 7

NVD
added 2025/08/13 9:15 p.m. · 2 views

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · EPSS 0.75792
Exploits: 0 · References: 4

CVE
added 2025/08/13 8:53 p.m. · 22 views

CVE-2011-10017

Snort Report is vulnerable in versions prior to 1.3.2 due to improper sanitization in the nmap.php and nbtscan.php scripts. The vulnerability allows remote command execution via the target GET parameter with no authentication, potentially resulting in full system compromise. Public reports and CV...

CVSS 10 · AI score 7.6 · EPSS 0.75792
Exploits: 0 · References: 4

ATTACKERKB
added 2025/08/13 8:53 p.m. · 3 views

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · AI score 6.1 · EPSS 0.75792
Exploits: 0 · References: 4

Vulnrichment
added 2025/08/13 8:53 p.m. · 2 views

CVE-2011-10017 Snort Report nmap.php/nbtscan.php RCE

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVSS 10 · AI score 7.6 · EPSS 0.75792
Exploits: 0 · References: 4

Positive Technologies
added 2025/08/13 12:0 a.m. · 4 views

PT-2025-33086 · Snort +1 · Snort +1

Name of the Vulnerable Software and Affected Versions: Snort versions prior to 1.3.2 Description: Snort Report versions prior to 1.3.2 contain a remote command execution issue in the nmap.php and nbtscan.php scripts. These scripts do not properly sanitize user input received through the target GE...

CVSS 10 · AI score 7.1 · EPSS 0.75792
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/22 4:57 p.m. · 3 views

CVE-2020-11702

An issue was discovered in ProVide formerly zFTPServer through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is Stored via the displayname parameter. Deletemultiple is Reflected via the files parameter...

CVSS 6.1 · AI score 6 · EPSS 0.00421
Exploits: 1 · References: 1

CNNVD
added 2025/05/15 12:0 a.m. · 2 views

Atheos security vulnerability

Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A security vulnerability exists in Atheos versions prior to v602, which stems from the $target parameter in /controller.php not being properly validated, which could lead to the execution of arbitrary files via path travers...

CVSS 9.4 · AI score 6.9 · EPSS 0.00603
Exploits: 0 · References: 2

OSV
added 2025/04/14 12:15 p.m. · 2 views

CVE-2024-49706

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...

CVSS 6.1 · AI score 7.5 · EPSS 0.00384
Exploits: 0 · References: 2

OSV
added 2025/01/10 3:23 p.m. · 3 views

CVE-2025-22152 Improper Path Validation Enables Path Traversal in Multiple Components in Atheos

Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...

CVSS 9.4 · AI score 7.5 · EPSS 0.00122
Exploits: 0 · References: 3

CNNVD
added 2023/08/15 12:0 a.m. · 2 views

COMFAST CF-XR11 command injection vulnerability

The COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version 2.7.2, which can be exploited to execute arbitrary code via the target parameter of the sub431F64 function in bin/webmgnt...

CVSS 9.8 · AI score 8.9 · EPSS 0.00162
Exploits: 1 · References: 2

OSV
added 2023/01/10 5:15 p.m. · 3 views

CVE-2022-4710

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to insufficient input sanitization and output escaping of the 'wprajaxsearchlinktarget' parameter in the 'datafetch' function. This makes it possibl...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 3