35 matches found
CVE-2026-22596
CVE-2026-22596 affects Ghost, a Node.js CMS. A SQL injection flaw exists in Ghost’s /ghost/api/admin/members/events endpoint due to insufficient input validation, exploitable by users with Admin API credentials. Affected versions: 5.90.0–5.130.5 and 6.0.0–6.10.3. The issue allows arbitrary SQL ex...
EUVD-2026-1426
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...
CVE-2026-22596 Ghost has SQL Injection in Members Activity Feed
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...
GHSA-GJRP-XGMH-X9QQ Ghost has SQL Injection in Members Activity Feed
Impact A vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. Vulnerable versions This vulnerability is present in Ghost v5.90.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and...
Ghost has SQL Injection in Members Activity Feed
Impact A vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. Vulnerable versions This vulnerability is present in Ghost v5.90.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and...
EUVD-2021-31355
Malicious code in bioql PyPI...
EUVD-2025-18803
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
dnn.platform is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation and sanitization in the Activity Feed Attachments endpoint, allowing malicious scripts to be injected and rendered...
CVE-2025-52485
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Activity Feed Attachments endpoint. An attacker can execute arbitrary scripts in the context of...
CVE-2025-52485
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
CVE-2025-52485
CVE-2025-52485 affects DNN Platform (DotNetNuke) before version 10.0.1. Versions 6.0.0 to
CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN.PLATFORM allows a specially crafted request can inject scripts in the Activity Feed Attachments endpoint which will then render in the feed, resulting in a cross-site scripting attack. This vulnerability is fixed in 10.0.1...
GHSA-WWC9-WMM3-2PMF DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN.PLATFORM allows a specially crafted request can inject scripts in the Activity Feed Attachments endpoint which will then render in the feed, resulting in a cross-site scripting attack. This vulnerability is fixed in 10.0.1...
Dotnetnuke < 10.0.1 Stored Cross-Site Scripting (XSS) in Activity Feed (GHSA-wwc9-wmm3-2pmf)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.0.1. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Dotnetnuke < 10.0.1 Stored Cross-Site Scripting (XSS) in Activity Feed (CVE-2025-52485)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.0.1. It is, therefore, affected by a vulnerability. - DNN.PLATFORM Allows Stored Cross-Site Scripting XSS in Activity Feed CVE-2025-52485 Note that Nessus has not tested for this iss...
CVE-2025-5210
creationtimestamp| type| source ---|---|--- 2025-05-26 22:48:07+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17580 2025-05-26 23:42:02+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq4dxavqia72 2025-05-26...