CVE-2026-9144 Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...
PT-2026-31851
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to and including 1.2.58. The plugin is susceptible to Improper Access Control due to insufficient field-level permission validation within the upload file remove AJAX handler. The...
CVE-2026-31823
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs shared/breadcrumbs.html.twig: The...
CVE-2026-31823 Sylius has Authenticated Stored XSS
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs shared/breadcrumbs.html.twig: The...
CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
CVE-2025-62292
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts...
EUVD-2025-33688
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts...
EUVD-2018-8573
Malware in sbrugna...
EUVD-2022-53538
Malicious code in bioql PyPI...
CVE-2023-1792
A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/managefield.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql...
Warehouse Management System Cross-Site Scripting Vulnerability
Warehouse Management System is a warehouse management system developed by Carlo Montero. A cross-site scripting vulnerability exists in Warehouse Management System version 1.0, which stems from the parameter adminuser/adminnama/adminalamat/admintelepon in the file pengguna.php, which can lead to...
PT-2024-26918 · Sourcecodester · Sourcecodester Warehouse Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Warehouse Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Warehouse Management System, affecting the file pengguna.php. The manipulation of the arguments admin user, admin...
CVE-2023-43340
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...
CVE-2023-43875
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allow a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...
PT-2023-17250 · Sourcecodester · Sourcecodester Simple Mobile Comparison Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Mobile Comparison Website version 1.0 Description: A critical issue was found in the file /admin/fields/manage field.php of the component GET Parameter Handler. The manipulation of the id argument leads to sql injection...
Simple Mobile Comparison Website SQL Injection Vulnerability
Simple Mobile Comparison Website is a mobile comparison website by individual developer Carlo Montero. It allows users to compare the specifications of smartphones. A SQL injection vulnerability exists in SourceCodester Simple Mobile Comparison Website version 1.0 due to an unknown function in the...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77049)
Product Show Room Site is a product showroom site by individual developer Carlo Montero. Version 1.0 of Product Show Room Site is vulnerable to a SQL injection vulnerability that originates in /psrs/admin/fields/managefield.php?id=page. SQL injection problem: an attacker can use this...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77050)
Product Show Room Site is a product showroom site by individual developer Carlo Montero. Version 1.0 of Product Show Room Site is vulnerable to a SQL injection vulnerability that originates in /psrs/admin/fields/viewfield.php?id=page. SQL injection problem: an attacker can use this vulnerabilit...
CVE-2022-32365
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/managefield.php?id=...