EUVD-2026-25630

CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findingsjson field of...

CVE-2025-11890

CVE-2025-11890 : The Crypto Payment Gateway with Payeer for WooCommerce WordPress plugin is vulnerable to an unauthenticated payment bypass in all versions up to 1.0.3. The flaw stems from improper server-side verification of payment status via the /wc-api/bp-payeer-gateway-callback endpoint, all...

EUVD-2008-1325

Malware in sbrugna...

PHPJ Callback Widget 1.0 Cross Site Scripting

Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking Author: nu11secur1ty Date: 01/26/2024 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/callback-widget/ Reference: https://portswigger.net/web-security/cross-site-scripting Description: The Callback Requests functi...

CVE-2012-5479

The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback...

Design/Logic Flaw

The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback...