91 matches found
CVE-2026-58411
ChurchCRM (open-source church management system) Vulnerability: Prior to version 7.4.0, a Reflected XSS was identified due to insufficient output encoding of user-controlled request parameter names and values. The application reflects attacker-controlled input into JavaScript string contexts and ...
CVE-2026-51946
SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...
CVE-2026-51946
SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...
CVE-2026-51946
CVE-2026-51946 describes a SQL injection vulnerability in the GoAdminGroup GoAdmin project (GoAdmin) affecting the last release, v1.2.26. The issue, exploitable via the __sort_type URL parameter on all /admin/info/{table} endpoints, could allow a remote attacker to execute arbitrary code and disc...
CVE-2026-42611 Grav: Stored XSS via Tag Injection
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visit...
CVE-2026-42611
Grav CVE-2026-42611 is a stored XSS in Grav Core + Admin Plugin (versions around v1.7.49.5 / v1.10.49.1) that a low-privileged user can exploit via page content to exfiltrate admin context, including the admin nonce, potentially bypass CSRF protections and enable further actions on sensitive admi...
Google Android suffers from unspecified vulnerability (CNVD-2026-14648)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from improper input validation of the loadDescription function in DeviceAdminInfo.java, and can be exploited by an attacker to cause a local elevation of...
CVE-2025-48645
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48645
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48645
CVE-2025-48645 concerns Google Android. The vulnerability arises from an improper input validation in the Android framework’s DeviceAdminInfo.loadDescription, allowing a malicious local attacker to achieve local elevation of privilege without user interaction. The impact is described as persisten...
EUVD-2025-28299
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-50291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of th...
CVE-2023-1634
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
1000 Projects Daily College Class Work Report Book 注入漏洞
1000 Projects Daily College Class Work Report Book is an open source college class work report book by 1000 Projects. An injection vulnerability exists in 1000 Projects Daily College Class Work Report Book version 1.0, which originates from SQL injection due to the operation of the parameter batc...
CVE-2024-39023
idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via admin/infodeal.php?mudi=add&nohrefStr=close...
PT-2024-28352 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in idccms. It can be exploited via the "admin/info deal.php" endpoint with specific parameters mudi and nohrefStr. The mudi parameter is set to rev and...
CVE-2024-39153
idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/infodeal.php?mudi=del&dataType=news&dataTypeCN...
idcCMS Security Breach
Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology, Inc. A security vulnerability exists in idcCMS v1.35, which originates from the component /admin/infodeal.php?mudi=del&dataType=news&dataTypeCN...
PT-2024-28365 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component /admin/info deal.php?mudi=del&dataType=news&dataTypeCN. This issue allows for unauthorized requests to be made. The mudi, dataType, and...
idccms 安全漏洞
Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in idccms v1.35, which was discovered via the component /admin/infoWebdeal.php?mudi=rev an...