139 matches found
FineCMS <=5.0.10 - Cross-Site Scripting
FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...
CVE-2026-14482
The CVE-2026-14482 entry covers the WordPress plugin “多说社会化评论框” (
CVE-2026-14482 多说社会化评论框 <= 1.2 - Unauthenticated Privilege Escalation via api.php 'option'/'value' Parameters
The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an...
UBUNTU-CVE-2026-58028
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...
CVE-2025-1186
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...
EUVD-2013-1836
Malware in sbrugna...
EUVD-2018-6822
Malware in sbrugna...
EUVD-2017-11165
Malware in sbrugna...
EUVD-2018-20707
Malware in sbrugna...
EUVD-2018-8202
Malware in sbrugna...
EUVD-2018-12584
Malware in sbrugna...
EUVD-2021-19282
Malware in sbrugna...
EUVD-2023-58880
Malicious code in bioql PyPI...
EUVD-2024-21555
Malicious code in bioql PyPI...
EUVD-2021-30593
Malicious code in bioql PyPI...
PT-2025-37390
Name of the Vulnerable Software and Affected Versions: eCharge Hardy Barth Salia PLCC version 2.2.0 Description: A security flaw exists in eCharge Hardy Barth Salia PLCC 2.2.0 related to unrestricted upload. The issue affects processing of the file /api.php. Manipulation of the setrfidlist argume...
CVE-2024-41371
Organizr v1.90 is vulnerable to Cross Site Scripting XSS via api.php...
CVE-2021-32428
SQL Injection vulnerability in viaviwebtech Android EBook App Books App, PDF, ePub, Online Book Reading, Download Books 10 via the authorid parameter to api.php...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
CVE-2017-20168
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommende...