Lucene search
+L

2359 matches found

CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

CodeAstro Online Job Portal 注入漏洞

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a vulnerability due to improper handling of ID parameters in the admin/jobs-admins/delete-jobs.php file within the All Jobs Page component, which may lead to SQL...

5.8CVSS5.9AI score0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4131 WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/04/20 5:33 p.m.4 views

CVE-2026-23752 GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

4.8CVSS5.8AI score0.00151EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 1:24 a.m.10 views

CVE-2026-5231 WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/17 1:24 a.m.9 views

EUVD-2026-23342

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/14 6:30 p.m.5 views

EUVD-2025-209447

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...

6.1CVSS5.8AI score0.00181EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-25710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary...

9.1CVSS6.2AI score0.00311EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 12:0 a.m.11 views

CVE-2026-36873

CVE-2026-36873 affects Sourcecodester Basic Library System v1.0. The vulnerability is a SQL Injection in the administrative loader endpoint at /librarysystem/load_admin.php (variants in copies show /librarysystem/load_admin.php). Evidence from Red Hat, ENISA EUVD, CIRCL, CVE lists confirms the sa...

2.7CVSS5.9AI score0.00225EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2026/04/12 3:30 p.m.132 views

pantry

▄▄ ▄▄ ▄█▀▀█▄ █▄ █...

7.5CVSS6.4AI score0.00417EPSS
Exploits1
EUVD
EUVD
added 2026/04/12 3:30 p.m.10 views

EUVD-2019-20134

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...

7.1CVSS6AI score0.00342EPSS
Exploits1References5
NVD
NVD
added 2026/04/12 1:16 p.m.6 views

CVE-2019-25703

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...

8.8CVSS0.00342EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.13 views

Code-Projects Simple IT Discussion Forum 代码注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple IT Discussion Forum has a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter fname in the file admin/user.php,...

4.8CVSS5.6AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.15 views

PT-2026-31575

Name of the Vulnerable Software and Affected Versions Online Shoe Store version 1.0 Description A cross site scripting issue exists due to the manipulation of the product name argument in the file '/admin/admin product.php'. The attack can be initiated remotely and the exploit has been publicly...

4.8CVSS4.8AI score0.00206EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/04 11:16 a.m.4 views

CVE-2026-2936 Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.12 views

PT-2026-30328

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.16.1 Description Directus is susceptible to an open redirect issue through the redirect parameter on the /admin/tfa-setup page. An administrator who has not configured Two-Factor Authentication 2FA may be redirect...

4.3CVSS5.8AI score0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.9 views

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...

9.9CVSS6AI score0.00393EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/31 8:56 p.m.4 views

CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

6.1CVSS6AI score0.0022EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/29 12:31 p.m.7 views

EUVD-2026-16985

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS5.8AI score0.01894EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/29 9:45 a.m.5 views

CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS5.8AI score0.01894EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/29 9:45 a.m.5 views

CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS5.8AI score0.01894EPSS
Exploits0References5
Rows per page
Query Builder