PT-2026-43535

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the search simple fields options function in functions admin.php. This makes it possible for unauthenticated...

EUVD-2026-29415

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

PT-2026-29737

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVE-2016-8527

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting XSS. The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking ...

Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10)

====================================================================== Advisory : Exploit for vBulletin "obscure" XSS Release Date : June 13th 2008 Application : vBulletin Version : vBulletin 3.7.1 and lower, vBulletin 3.6.10 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors...