14 matches found
CVE-2026-2611
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...
FreePBX 17.0.3 SQL Injection
FreePBX version 17.0.3 proof of concept unauthenticated remote SQL injection exploit that leverages ajax.php. Title: FreePBX 17.0.3 Unauthenticated SQL...
EUVD-2022-33374
Malicious code in bioql PyPI...
EUVD-2025-8841
Malicious code in bioql PyPI...
CVE-2024-1923
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function deleteclass/deletestudent of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input...
CVE-2022-28940
In H3C MagicR100 =V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack...
WordPress Plugin Frontend File Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin FlyingPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress Plugin Flo Forms – Easy Drag & Drop Form Builder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
H3C MagicR100 has unspecified vulnerabilities
H3C MagicR100 is a router from H3C. H3C MagicR100 has a security vulnerability that originates from the /ajax/ajaxget interface that can be accessed without authorization, which can be exploited by attackers to send large amounts of data via ajaxmsg for denial of service attacks...
CVE-2022-28940
In H3C MagicR100 =V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack...
joyplus-cms SQL Injection Vulnerability
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has video resource acquisition, user feedback management, automatic address resolution, message push management and other functions. A SQL injection vulnerability exists in joyplus-c...
CVE-2015-5379: Axigen XSS vulnerability for html attachments
CVEID: CVE-2015-5379. SUBJECT: Axigen XSS vulnerability for html attachments. DESCRIPTION: Axigen's WebMail Ajax interface implements a view attachment function that executes JavaScript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...
Proman Xpress v5.0.1 - Multiple Web Vulnerabilities
Exploit for php platform in category web applications. Title: Proman Xpress v5.0.1 - Multiple Web Vulnerabilities. Introduction: Proman Xpress v5.0.1 is a super project management script coded in PHP & MySQL. It's highly customizable and is used across industries. No Encryption...