17 matches found
CVE-2026-6824 CP Plus 8 Ch. Network Video Recorder Cross-site Scripting
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...
PuneethReddyHC Event Management Security Vulnerability
PuneethReddyHC Event Management is an application developed by individual developer Puneeth Reddy H C. It helps users register for events held during university festivals in a simple and secure manner. Version 1.0 of PuneethReddyHC Event Management contains a security vulnerability. This...
CVE-2025-56605
A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...
CVE-2025-56605
CVE-2025-56605 concerns PuneethReddyHC Event Management System 1.0. The issue is a reflected XSS in the register.php backend script where the mobile POST parameter is not sanitized and is echoed back in the HTTP response. This allows an attacker to inject and execute arbitrary JavaScript in a vic...
CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
EUVD-2025-116207
Malicious code in backend-run-script-chariklo-centauri npm...
EUVD-2021-23978
Malware in sbrugna...
CVE-2012-10033 Narcissus backend.php Image Configuration Command Injection
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...
Shenzhen Sihai Zhonglian Network Technology COMFAST CF-WR623N Authorization Issue Vulnerability
The Shenzhen Sihai Zhonglian Network Technology COMFAST CF-WR623N is a wireless router from Shenzhen Sihai Zhonglian Network Technology (Shenzhen, China). A security vulnerability exists in Shenzhen Sihai Zhonglian Network Technology COMFAST CF-WR623N V2.3.0.1 and prior firmware versions, which ste...
CVE-2021-37413
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...
Nagios XI and Nagios Elevation of Privilege Vulnerabilities
Nagios XI and Nagios are both products of Nagios, Inc. Nagios XI is an IT infrastructure monitoring solution. The solution supports monitoring and alerting of applications, services, operating systems, etc. Nagios is an open source, free network monitoring tool. An elevation of privilege...
CVE-2020-15903
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3...
Command Execution Vulnerability in XYHCMS Backend Sy***.cl***.php File
XYHCMS (Xingyunhai CMS) is a completely open source content management system. A command execution vulnerability exists in the XYHCMS backend Sy.cl.php file. Attackers can use the vulnerability to obtain control of the server...
WordPress SlickQuiz 1.3.7.1 Cross Site Scripting
RCE Security Advisory (https://www.rcesecurity.com). 1. ADVISORY INFORMATION. Product: SlickQuiz. Vendor URL: https://wordpress.org/plugins/slickquiz/. Type: Cross-Site Scripting CWE-79. Date found: 2019-05-30. Date published: 2019-09-10. CVSSv3 Score: 6.1...
SQL Injection Vulnerability in co***_ru***_ed***.php of Acme CMS Backend
Acme CMS is a full-featured, multi-language, responsive CMS built on PHP and MySQL, suitable for building personal websites. There is a SQL injection vulnerability in the backend corued.php of Acme CMS, which can be exploited by attackers to obtain sensitive...
SQL Injection Vulnerability in 74cms Backend Pe***.cl***.php File
Knight Talent System (74cms) is a free, open-source professional recruitment system built on PHP and MySQL, from Taiyuan Xunyi Technology Co., Ltd., officially launched in 2009. A SQL injection vulnerability exists in the 74cms backend Pe.cl.php file. Attackers can use the...
Narcissus Remote Command Execution Vulnerability
No description provided by source. Discovered by dun \ posdubatgmail.com 2012-11-13 Narcissus Remote Command Execution Vulnerability Script: Narcissus - Online image build...