24 matches found
CVE-2025-40903
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...
CVE-2025-36368
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...
CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality in contestrank.xls.php and admin/ranklistexport.php. The application fails to sanitize...
CVE-2003-1258
activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid...
CVE-2026-22241
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...
WordPress Top Comments plugin <= 1.0 - Admin+ Stored Cross-Site Scripting vulnerability
Admin+ Stored Cross-Site Scripting vulnerability discovered by Steven Pereira aka Cursed, Anjali Kumari aka HexJello & Muktanand Kale aka Muktimantras in WordPress Plugin Top Comments versions <= 1.0...
CVE-2024-58303
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...
PT-2025-48184
Name of the Vulnerable Software and Affected Versions: HashTech versions 1.0 through commit 5919decaff2681dc250e934814fc3a35f6093ee5 Description: A missing authentication check on the /admin index.php endpoint allows an attacker to access the administrative dashboard without valid credentials. This...
CVE-2024-14009
Nagios XI prior to 2024R1.0.1 has a privilege escalation in the System Profile component. The issue stems from improper access controls and unsafe handling of exported/imported profile data, allowing an authenticated administrator to perform actions on the XI host outside the application’s securi...
EUVD-2020-4779
Malware in sbrugna...
CVE-2025-5669
A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been...
PT-2025-23260 · Wivia 5 · Wivia 5
Name of the Vulnerable Software and Affected Versions: Wivia 5 affected versions not specified Description: There is an issue with OS command injection in Wivia 5. If this issue is exploited, a logged-in administrative user could execute an arbitrary OS command. Recommendations: At the moment,...
CVE-2022-4884
Path-Traversal in MKP storing in Tribe29 Checkmk =2.0.0p32 and = 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file...
WordPress Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin <= 1.2.1 - Authenticated (Administrator+) SQL Injection via post_id Parameter vulnerability
Authenticated (Administrator+) SQL Injection via post_id Parameter vulnerability discovered by kr0d in WordPress Plugin Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) versions <= 1.2.1...
CVE-2021-3844 Rapid7 InsightVM Insufficient Session Expiration
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session...
Zenario CMS Code Issue Vulnerability
Zenario CMS is a Zenario open source application. It provides a Web-based content management system. A security vulnerability exists in Zenario CMS 9.2 that allows an authenticated administrator user to bypass file upload restrictions by creating a new File/MIME Type with the .phar extension. A...
The vulnerability of the Malware Remover tool lies in its improper handling of certain elements at the administrative level, allowing attackers to execute arbitrary commands and increase their privileges.
The vulnerability of the Malware Remover tool is related to improper elimination of certain elements at the operating level when processing TAR files in the file system. Exploiting this vulnerability allows an attacker to execute arbitrary commands and increase their privileges...
WordPress plugin Giveaway SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in WordPress...
Xerox AltaLink Security Vulnerability
Xerox AltaLink is a hardware device from the American company Xerox. It provides printing and copying functions. A security vulnerability exists in Xerox AltaLink that allows a user with administrative privileges to disable data encryption on the device. The following products and versions...
Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04654)
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A cross-site request forgery vulnerability exists in admin/languages/edit/1/URI in Subrion CMS version...