Lucene search

9 matches found

ATTACKERKB
added 2026/06/08 10:22 a.m., 5 views

CVE-2026-47430

Summary: The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation (CDVWKInAppBrowser.m:560–574). Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVSS 9.5, AI score 5.4, EPSS 0.00545
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2025/12/24 8:15 p.m., 7 views

CVE-2019-25256

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulati...

CVSS 7.1, EPSS 0.00543
Exploits: 1, References: 3
CNNVD
added 2025/12/01 12:0 a.m., 4 views

FeehiCMS Security Vulnerability

FeehiCMS is a PHP-based CMS website builder by the individual developer Liufee. A security vulnerability exists in FeehiCMS version 2.1.1. It originates from an unvalidated id parameter in the User Update function and could lead to a cross-site scripting attack...

CVSS 6.1, AI score 5.8, EPSS 0.00197
Exploits: 1, References: 3
CNVD
added 2025/08/10 12:0 a.m., 2 views

Online Admission System SQL Injection Vulnerability

Online Admission System is an online admission system. The Online Admission System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /adminac.php. An attacker can exploit this vulnerability to...

CVSS 9.8, AI score 8.2, EPSS 0.00379
Exploits: 1, References: 1
CNNVD
added 2025/05/27 12:0 a.m., 2 views

auth-js Path Traversal Vulnerability

auth-js is the isomorphic JavaScript library for Supabase Auth, open-sourced by Supabase. A path traversal vulnerability exists in versions of auth-js prior to 2.69.1. It stems from an unvalidated user-supplied UUID and could lead to URL path traversal...

CVSS 6.9, AI score 6.4, EPSS 0.00745
Exploits: 0, References: 3
CNNVD
added 2025/03/20 12:0 a.m., 3 views

LibreChat Access Control Error Vulnerability

LibreChat is an enhanced ChatGPT clone by the individual developer Danny Avila. An access control error vulnerability exists in LibreChat version v0.7.5-rc2. It stems from the Delete Attachment feature not validating the attachment ID, which could lead to a user deleting another person's attachment...

CVSS 7.6, AI score 7.5, EPSS 0.00345
Exploits: 1, References: 2
CNNVD
added 2022/05/12 12:0 a.m., 2 views

Online Sports Complex Booking System SQL Injection Vulnerability

Online Sports Complex Booking System is an online stadium booking system by the individual developer Carlo Montero. Version 1.0 of Online Sports Complex Booking System is vulnerable to SQL injection, which originates in scbs/classes/Master.php?f=delete: the id parameter of the POST request lacks...

CVSS 9.8, AI score 8.7, EPSS 0.01068
Exploits: 1, References: 2
OSV
added 2022/03/14 3:15 p.m., 2 views

CVE-2022-0165

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...

CVSS 6.1, AI score 5.8, EPSS 0.0428
Exploits: 4, References: 1
CNNVD
added 2021/01/05 12:0 a.m., 5 views

Ipeak Ibexwebcms SQL Injection Vulnerability

Ipeak Ibexwebcms is a website builder for booking housing from Ipeak Norway. A SQL injection vulnerability exists in ipeak Infosystems ibexwebCMS IPeakCMS 3.5, which originates from an unvalidated id parameter on the /cms/print.php page...

CVSS 9.8, AI score 7.4, EPSS 0.19506
Exploits: 3, References: 8