10 matches found
CVE-2026-53943
The CVE-2026-53943 entry describes a Ghost CMS vulnerability where, on sites behind a shared caching layer, an unauthenticated user can send an x-ghost-preview header that poisons cached responses, altering rendered frontend output. In affected configurations, this cached, request-specific previe...
CVE-2026-1198
SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected]...
CVE-2026-1198
SIMPLE.ERP is affected by a SQL Injection in the search feature in the "Obroty na kontach" window. The issue arises from insufficient input validation, allowing an authenticated attacker to craft a query that could be executed by the database. The CVE entry notes a high impact (CVSS v4.0 base sco...
PT-2026-22138
SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected] u06...
EUVD-2026-4762
Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1...
CVE-2025-9339
SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows to delete tables with a name of maximum 6...
CVE-2025-2109
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
WordPress WP Compress plugin <= 6.30.03 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP Compress versions = 6.30.03...
Nordaaker Convos 跨站脚本漏洞
Nordaaker Convos is an open source web browser-based multi-user chat application from Nordaaker, Norway. A cross-site scripting vulnerability exists in Convos-Chat that stems from a stored cross-site scripting XSS issue in Convos-Chat prior to 6.32. An attacker could exploit the vulnerability to...
mIRC Resource Management Error Vulnerability
mIRC is a Windows-based interconnected relay chat client program. A resource management error vulnerability exists in mIRC versions prior to 6.35. An attacker can exploit this vulnerability to cause a denial of service crash with a long alias...