858 matches found
CVE-2026-8438
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...
EUVD-2026-34942
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...
CVE-2026-10815
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-2374
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...
CVE-2026-11336
A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboardpage/adminpage.php of the component Admin Interface. The manipulation of the argument...
EUVD-2026-34848
A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboardpage/adminpage.php of the component Admin Interface. The manipulation of the argument...
WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or...
CVE-2026-10815
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-10815
The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...
CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...
Web-Based-Honeypot-for-Intrusion-Detection
Web-Based-Honeypot-for-Intrusion-Detection A Web-Based Honeypo...
EUVD-2026-32704
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...
Exploit for CVE-2026-36226
CVE-2026-36226: Advantech WebAccess/SCADA Create New Project U...
CVE-2026-42192
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting XSS vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin...
CVE-2026-42192
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting XSS vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin...
EUVD-2026-28831
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting XSS vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin...
CVE-2026-42192 Plunk: Stored XSS in campaign view
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting XSS vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin...
CVE-2026-42192
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting XSS vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin...