CVE-2026-41926

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

CVE-2026-41926

CVE-2026-41926 affects the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The firewall.cgi binary exposes an OS command injection across five request handlers due to insufficient input validation. Attacks can inject arbitrary shell commands through parameters including websURLFilter, web...

EUVD-2015-9409

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVE-2026-3710

A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...

CVE-2026-3180 Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVE-2020-37081

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

EUVD-2021-34763

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...

PT-2026-2302

Name of the Vulnerable Software and Affected Versions Gym-Management-System-PHP version 1.0 Description The application contains multiple SQL Injection flaws. An attacker, whether authenticated or not, can potentially bypass authentication, execute arbitrary SQL commands, modify database records,...

CVE-2024-44664

PHPGurukul Online Shopping Portal 2.0 is affected by an SQL Injection in product-details.php. The vulnerability arises from lack of input validation for the name, summary, review, quality, price, and value parameters, allowing an attacker to alter SQL queries executed by the application. Based on...

EUVD-2017-8782

Malware in sbrugna...

EUVD-2021-23421

Malware in sbrugna...

EUVD-2019-16961

Malware in sbrugna...

EUVD-2005-2400

Malware in sbrugna...

EUVD-2023-42648

Malicious code in bioql PyPI...

EUVD-2025-27153

Malicious code in bioql PyPI...

EUVD-2022-33756

Malicious code in bioql PyPI...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

PT-2025-40394

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute JavaScript code in a victim’s browser through a malicious URL. The vulnerability is reflected throug...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...