
224 matches found

EUVD
added 2026/02/01 12:15 p.m., 6 views

EUVD-2021-34756

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

CVSS: 8.6, AI score: 6.2, EPSS: 0.00527
Exploits: 1, References: 4
CNNVD
added 2026/01/13 12:0 a.m., 3 views

Webgrind OS Command Injection Vulnerability

Webgrind is a web-based PHP performance analysis tool from the individual developer Joakim Nygård. An operating system command injection vulnerability exists in Webgrind version 1.1, which stems from an unvalidated dataFile parameter in index.php, and could lead to the injection of operating syst...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01459
Exploits: 1, References: 3
CNNVD
added 2026/01/13 12:0 a.m., 5 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated numsyncs parameter that could lead to over-allocation...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00121
Exploits: 0, References: 3
CNNVD
added 2026/01/13 12:0 a.m., 4 views

WordPress plugin Social-Share-Buttons SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00253
Exploits: 0, References: 5
CNNVD
added 2026/01/10 12:0 a.m., 4 views

WordPress plugin Templately Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00233
Exploits: 0, References: 4
OSV
added 2025/12/15 9:15 p.m., 4 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00237
Exploits: 1, References: 4
Vulnrichment
added 2025/12/12 10:24 a.m., 4 views

CVE-2025-12835 WooMulti <= 1.7 - Subscriber+ Arbitrary File Deletion

The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated user, such as a subscriber, to delete arbitrary files on the server...

AI score: 6.3, EPSS: 0.00243
Exploits: 0, References: 1
Positive Technologies
added 2025/12/10 12:0 a.m., 6 views

PT-2025-50561

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further...

CVSS: 7.1, AI score: 6.8, EPSS: 0.00158
Exploits: 0, References: 3
Vulnrichment
added 2025/12/09 11:53 p.m., 2 views

CVE-2025-67502 Taguette does not safeguard against Open Redirect

Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without an...

CVSS: 5.4, AI score: 6.4, EPSS: 0.00228
Exploits: 1, References: 2
CNNVD
added 2025/12/05 12:0 a.m., 4 views

Warehouse Management System Security Vulnerability

Warehouse Management System is a warehouse management system by the individual developer Carlo Montero. A security vulnerability exists in Warehouse Management System version 1.2, which stems from an unvalidated goodsimg parameter that could allow an authenticated user to delete arbitrary files...

CVSS: 8.1, AI score: 6.7, EPSS: 0.00667
Exploits: 1, References: 2
CNVD
added 2025/11/27 12:0 a.m., 3 views

Blog Site blog.php File SQL Injection Vulnerability

Blog Site is a blogging system. Blog Site suffers from an SQL injection vulnerability that originates from a lack of validation of externally supplied SQL input in the name/field parameter of the file /resources/functions/blog.php. An attacker can exploit this vulnerability to execute illega...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00256
Exploits: 0, References: 1
CNVD
added 2025/11/27 12:0 a.m., 2 views

Library System return.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied SQL input in the ID parameter of the file /return.php. An attacker can exploit this vulnerability to execute illegal SQL commands ...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00267
Exploits: 1, References: 1
CVE
added 2025/11/24 6:0 a.m., 21 views

CVE-2025-12569

The CVE-2025-12569 entry corresponds to an Open Redirect in the WordPress plugin Front User Submit / Front Editor (WP Front User Submit). Affected versions are prior to 5.0.0 (per the CVE) and, per Patchstack,

CVSS: 4.7, AI score: 6.3, EPSS: 0.00167
Exploits: 0, References: 1
Cvelist
added 2025/11/24 6:0 a.m., 9 views

CVE-2025-12569 WP Front User Submit < 5.0.0 - Open Redirect

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

EPSS: 0.00167
Exploits: 0, References: 1
Vulnrichment
added 2025/11/24 6:0 a.m., 2 views

CVE-2025-12569 WP Front User Submit < 5.0.0 - Open Redirect

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

AI score: 6.3, EPSS: 0.00167
Exploits: 0, References: 1
Positive Technologies
added 2025/11/24 12:0 a.m., 5 views

PT-2025-47885

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

AI score: 6.8, EPSS: 0.00167
Exploits: 0, References: 2
CNVD
added 2025/11/18 12:0 a.m., 3 views

Student Record System change-password.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied SQL input in the currentpassword parameter of change-password.php. An attacker can exploit this vulnerability to...

CVSS: 6.5, AI score: 8.3, EPSS: 0.0021
Exploits: 1, References: 1
CNNVD
added 2025/11/17 12:0 a.m., 4 views

Kashipara Responsive School Management System Security Vulnerability

Kashipara Responsive School Management System is a school management system from Kashipara. A security vulnerability exists in Kashipara Responsive School Management System version 1.0, which originates from an unvalidated parameter in clientuser/feedback.php and could lead to a cross-site...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00192
Exploits: 1, References: 3
CNNVD
added 2025/11/17 12:0 a.m., 6 views

Kashipara Online Furniture Shopping Ecommerce Website Security Vulnerability

Kashipara Online Furniture Shopping Ecommerce Website is a fast online shopping ecommerce website from Kashipara. A security vulnerability exists in Kashipara Online Furniture Shopping Ecommerce Website version 1.0, which stems from an unvalidated useremail parameter in userlogin.php, which could...

CVSS: 6.5, AI score: 7.7, EPSS: 0.0021
Exploits: 1, References: 3
CNNVD
added 2025/11/14 12:0 a.m., 2 views

PHPGurukul Student Record System Security Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied SQL input in the currentpassword parameter of change-password.php. An attacker can exploit this vulnerability to...

CVSS: 6.5, AI score: 8.1, EPSS: 0.0021
Exploits: 1, References: 3