EUVD-2025-208599

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14...

generatedata 安全漏洞

Generatedata is a random data generation engine developed by Ben Keen as an individual project. Version 4.0.14 of Generatedata contains a security vulnerability, which stems from improper handling of special elements, potentially leading to SQL injection attacks...

EUVD-2025-208476

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14...

generatedata 安全漏洞

Generatedata is a random data generation engine developed by Ben Keen as an individual developer. Version 4.0.14 of Generatedata contains a security vulnerability, which stems from improper input during web page generation...

CVE-2024-41804

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially...

CVE-2025-68951

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an...

CVE-2025-68951

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an...

CVE-2025-62519

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

CVE-2025-62519

Summary: CVE-2025-62519 affects phpMyFAQ prior to 4.0.14, where an authenticated attacker with Configuration Edit permissions can exploit an SQL injection in the configuration update flow. The vulnerability stems from unsafely using user-supplied form keys as SQL identifiers in the update path (C...

CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

EUVD-2025-197804

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

CVE-2025-10186 WhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.14 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion

The WhyDonate – FREE Donate button – Crowdfunding – Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the removerow function in all versions up to, and including, 4.0.14. This makes it possible for unauthenticated attackers to delete...

EUVD-2024-30499

Malicious code in bioql PyPI...

CVE-2025-49898 WordPress Dropshix plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14...

CVE-2025-49898 WordPress Dropshix plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14...

WordPress plugin Mail Bank 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin EmbedPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

LiteSpeed Source Code Disclosure/Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LiteSpeed Source Code Disclosure/Download', 'Description' = %q This module exploits a source code disclosure/download vulnerability in versions...

CVE-2024-41944 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the report/data/proofofplayReport API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the...