19 matches found
EUVD-2026-37628
Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...
PT-2026-36727
Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...
CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header
The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...
PT-2026-28032
Name of the Vulnerable Software and Affected Versions imithemes Gaea versions prior to 3.8 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting XSS issue. This allows for the execution of malicious...
CVE-2026-28110
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through =...
CVE-2025-69534
Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...
CVE-2021-33483
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...
CVE-2025-62758
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through = 3.8...
CVE-2025-67577 WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through = 3.8.20...
CVE-2025-41104
Summary: CVE-2025-41104 is an HTML injection vulnerability in Fairsketch’s RISE CRM Framework v3.8.1. The issue stems from insufficient validation of user input in the POST parameter custom_field_1 at /estimate_requests/save_estimate_request, enabling HTML injection. Affected software: Fairsketch...
CVE-2025-10700 Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enableunfilteredfilesupload function. This makes it possible for unauthenticated...
EUVD-2020-10117
Malware in sbrugna...
CVE-2024-10812 Open Redirect in binary-husky/gpt_academic
An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...
CVE-2025-0930 Reflected Cross-Site Scripting (XSS) vulnerability in TeamCal Neo
Reflected Cross-Site Scripting XSS in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code, after injecting code via the ‘abs’ parameter in ‘/teamcal/src/index.php’...
CVE-2025-0929 SQL injection vulnerability in TeamCal Neo
SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’...
NETSCOUT nGeniusPULSE Security Vulnerability
NetScout nGeniusPULSE is a comprehensive testing and infrastructure operational condition monitoring platform from NetScout, Inc. A security vulnerability exists in NETSCOUT nGeniusPULSE version 3.8 that stems from improper file permission management...
CVE-2022-28921
A Cross-Site Request Forgery CSRF vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...
CVE-2018-20602
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...
YzmCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-08781)
YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A cross-site request forgery vulnerability exists in YzmCMS version 3.8. A remote attacker can add an administrator account with the help of the /index.php/admin/adminmanage/add.html page to explo...