5 matches found
EUVD-2026-32733
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6. This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...
EUVD-2020-2916
Malware in sbrugna...
CVE-2020-10482
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request...
OFCMS Backend Directory Traversal Vulnerability
OFCMS is a content management system based on Java technology. Versions of OFCMS prior to 1.1.3 have an admin/cms/template/getTemplates.html?respath=res&updir=... /directory traversal vulnerability. An attacker can exploit the vulnerability to traverse directory information...
Cross-site request forgery (CSRF)
Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...