PT-2025-45183

Name of the Vulnerable Software and Affected Versions Netigma versions 6.3.5 through 28102025 Description Netigma software contains a flaw related to improper neutralization of input during web page generation, potentially leading to Cross-site Scripting XSS. This issue arises from vulnerabilitie...

EUVD-2023-39197

Malicious code in bioql PyPI...

EUVD-2025-8326

Malicious code in bioql PyPI...

CVE-2025-9798

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS.This issue affects Netigma: from 6.3.3 before 6.3.5 V8...

CVE-2025-58626 WordPress RumbleTalk Live Group Chat Plugin <= 6.3.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Stored XSS.This issue affects RumbleTalk Live Group Chat: from n/a through = 6.3.5...

WordPress plugin RumbleTalk Live Group Chat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVE-2025-30870

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

CVE-2025-30870

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

CVE-2025-30870

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

WordPress plugin WP Travel Engine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Incorrect Authorization

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Authorization due to missing checks in transformMiddleware which ignore certain query parameters. An attacker can access unauthorized files by including a ?raw?? ...

CVE-2025-26932

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through = 6.3.5...

CVE-2025-26932

CVE-2025-26932 affects WPBot (WordPress WPBot ChatBot). The vulnerability is an authenticated Local File Inclusion (LFI) due to improper control of include/require statements. Affected versions are ChatBot up to 6.3.5. Patch status: Patched in the available update.

WordPress plugin ChatBot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-31869 · Unknown · Hospital Management System

Name of the Vulnerable Software and Affected Versions: kishan0725's Hospital Management System version 6.3.5 Description: A Cross-Site Request Forgery CSRF issue exists, allowing an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an...

CVE-2024-45429

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...

CVE-2024-45429

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...

CVE-2023-35193

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

CVE-2023-34356

An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2023-28381

An OS command injection vulnerability exists in the admin.cgi MVPNtrialinit functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...