3847 matches found
EUVD-2025-209380
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...
CVE-2025-50228
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...
EUVD-2026-20836
A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2026-5837 PHPGurukul News Portal Project news-details.php sql injection
A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2026-5837
A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2026-5828
A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and...
JIZHICMS (极致CMS) Security Vulnerability
JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.4 of JIZHICMS contains a security vulnerability, which stems from server-side request forgery vulnerabilities in the User Evaluation, Message, and Comment modules...
CVE-2025-50228
CVE-2025-50228 affects Jizhicms v2.5.4. Multiple connected sources describe a vulnerability classified as Server-Side Request Forgery (SSRF) in the User Evaluation, Message, and Comment modules. The primary CVE notes a high-severity impact (CVSS v3.1: 9.1, CRITICAL) with network access, no user i...
PT-2026-31615
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...
PT-2026-31576
Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal Project version 4.1. Description: A flaw exists in PHPGurukul News Portal Project 4.1, specifically within the /news-details.php file. Manipulation of the Comment argument can lead to SQL injection. The attack can be...
CVE-2026-4406
The CVE concerns Gravity Forms for WordPress (≤ 2.9.30) with a Reflected XSS in the gform_get_config AJAX action via the form_ids parameter. The root cause is that GFCommon::send_json() returns JSON wrapped in HTML comments using echo/wp_die(), sending a text/html header instead of application/js...
CVE-2026-39382
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...
CVE-2026-39382 dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...
CVE-2026-39382
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...
EUVD-2026-19918
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...
CVE-2026-39382
In CVE-2026-39382, the vulnerability arises in a dbt workflow where the prep job uses peter-evans/find-comment to fetch a comment-body, which is then interpolated into a shell command without escaping. This allows attacker-controlled text to break out of quotes and inject arbitrary shell commands...
PT-2026-31009
Name of the Vulnerable Software and Affected Versions: dbt (affected versions not specified). Description: dbt allows data analysts and engineers to transform data using software engineering practices. A command injection issue exists in the workflow located at...