17 matches found
EUVD-2026-34055 / CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
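The entry above describes a settings save handler that performs no nonce validation. The following is an added example (not the plugin's code) showing such a handler beside a hardened one. It uses a stand-alone HMAC nonce so it runs with plain php-cli; inside WordPress the same roles are played by wp_nonce_field()/wp_create_nonce() when rendering the form and by check_admin_referer()/wp_verify_nonce() plus current_user_can() in the handler. The secret, action name, user id, option name and request bodies are assumptions constructed for the demo.

```php
<?php
// Added example, not EmergencyWP's code: a settings-save handler with and
// without nonce validation, using a stand-alone HMAC nonce so it runs outside
// WordPress. Secret, action name, user id and option store are assumptions.
declare(strict_types=1);

const NONCE_SECRET   = 'replace-with-a-per-site-random-secret'; // assumption: WP derives this from its salts
const NONCE_LIFETIME = 12 * 3600;                               // WP rotates nonce ticks every 12 hours

function create_nonce(string $action, int $userId, int $now): string {
    $tick = intdiv($now, NONCE_LIFETIME);
    return substr(hash_hmac('sha256', "$tick|$action|$userId", NONCE_SECRET), 0, 16);
}

function verify_nonce(string $nonce, string $action, int $userId, int $now): bool {
    $tick = intdiv($now, NONCE_LIFETIME);
    // Accept the current and the previous tick, as WordPress does, so a form left
    // open across a tick boundary still submits. hash_equals() is constant-time.
    foreach ([$tick, $tick - 1] as $t) {
        $expected = substr(hash_hmac('sha256', "$t|$action|$userId", NONCE_SECRET), 0, 16);
        if (hash_equals($expected, $nonce)) {
            return true;
        }
    }
    return false;
}

// Vulnerable handler: any POST arriving with the admin's cookies is honoured,
// including one auto-submitted by a third-party page (CSRF).
function save_settings_vulnerable(array $post, array &$options): bool {
    $options['contact_email'] = (string)($post['contact_email'] ?? '');
    return true;
}

// Hardened handler: capability check, then nonce check, then input validation.
function save_settings_safe(array $post, array &$options, int $userId, bool $canManage, int $now): bool {
    if (!$canManage) {
        return false;   // current_user_can('manage_options') in WordPress
    }
    $nonce = (string)($post['_wpnonce'] ?? '');
    if (!verify_nonce($nonce, 'emergencywp_save_settings', $userId, $now)) {
        return false;   // check_admin_referer('emergencywp_save_settings') would wp_die() here
    }
    $email = filter_var((string)($post['contact_email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    $options['contact_email'] = $email;
    return true;
}

// Demo: a forged cross-site POST carries no nonce (an attacker cannot read one).
$now     = time();
$adminId = 1;
$options = ['contact_email' => 'owner@example.com'];
$forged  = ['contact_email' => 'attacker@example.net'];   // constructed CSRF body

save_settings_vulnerable($forged, $options);
echo "vulnerable handler stored: ", $options['contact_email'], PHP_EOL;

$options = ['contact_email' => 'owner@example.com'];
$ok = save_settings_safe($forged, $options, $adminId, true, $now);
echo "safe handler, forged request accepted: ", var_export($ok, true), PHP_EOL;

$legit = $forged + ['_wpnonce' => create_nonce('emergencywp_save_settings', $adminId, $now)];
$ok = save_settings_safe($legit, $options, $adminId, true, $now);
echo "safe handler, genuine form accepted: ", var_export($ok, true), PHP_EOL;
```

The order of checks matters: the capability check runs first so that an unauthenticated or low-privilege request never reaches the nonce logic, and the nonce is bound to the action and the user so a nonce leaked from one form cannot be replayed against another.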
MantisBT 2.28.0 Tag Deletion XSS (GHSA-fh48-f69w-7vmp)
The version of MantisBT installed on the remote host is 2.28.0. It is, therefore, affected by a vulnerability: a cross-site scripting (XSS) vulnerability exists in the tag deletion confirmation page (tag_delete.php) due to improper escaping of the tag name when displaying the confirmation message. A...
EUVD-2025-30714
Malicious code in bioql PyPI...
CVE-2025-55887
A Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
PT-2025-39065
Name of the Vulnerable Software and Affected Versions: ARD (affected versions not specified). Description: A Cross-Site Scripting (XSS) issue exists in the meal reservation service. The vulnerability is located in the transactionID GET parameter on the transaction confirmation page. Insufficient input...
UBUNTU-CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
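The MantisBT tag deletion page, the ARD transactionID parameter and the LemonLDAP::NG url parameter above share one root cause: a request value is reflected into a confirmation page without context-appropriate output encoding. The following is an added example, not code from any of those projects, that renders a confirmation message both ways. The page markup, the message text and the payloads are constructed for the demo.

```php
<?php
// Added example, not code from MantisBT, ARD or LemonLDAP::NG. Renders a
// confirmation page that reflects a request value with and without output
// encoding for the HTML text and attribute contexts, plus a scheme check for
// values that end up as link targets. Markup and payloads are assumptions.
declare(strict_types=1);

function esc_html(string $s): string {
    // ENT_QUOTES also encodes the single quote, so the value is safe inside
    // single-quoted attributes; ENT_SUBSTITUTE keeps invalid UTF-8 from making
    // htmlspecialchars() return an empty string (which would hide the bug).
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Escaping alone is not enough for href: only http(s) URLs may be used there.
function esc_href(string $url): string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '#';
    }
    return esc_html($url);
}

// Vulnerable: the reflected value is concatenated into the page as-is.
function confirm_page_vulnerable(string $label, string $value): string {
    return "<p>Confirm deletion of $label \"$value\"?</p>\n"
         . "<input type='hidden' name='value' value='$value'>\n";
}

// Hardened: the same page, with the value encoded for each context it lands in.
function confirm_page_safe(string $label, string $value): string {
    $v = esc_html($value);
    return "<p>Confirm deletion of " . esc_html($label) . " \"$v\"?</p>\n"
         . "<input type='hidden' name='value' value='$v'>\n";
}

// Constructed payloads of the kind that reach a tag name, a transactionID or a url parameter.
$payloads = [
    'release-1.0',                                // benign
    '<script>alert(document.cookie)</script>',    // text-context injection
    "x' onmouseover='alert(1)",                   // attribute breakout; needs ENT_QUOTES
    'javascript:alert(1)',                        // harmless as text, dangerous as a link target
];
foreach ($payloads as $p) {
    echo "--- payload: $p\n";
    echo "vulnerable:\n", confirm_page_vulnerable('tag', $p);
    echo "safe:\n", confirm_page_safe('tag', $p);
    echo "as link: <a href='", esc_href($p), "'>continue</a>\n";
}
```

Run it with php-cli and compare the two renderings for each payload: in the vulnerable output the script tag and the attribute breakout survive verbatim, while the hardened output carries only entity-encoded text. The esc_href() check is what the LemonLDAP::NG url parameter case needs in addition to encoding, since a javascript: URL is inert as text but executes when a browser follows it.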
Design/Logic Flaw
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page...
Newsletter Manager < 1.5 - Unauthenticated Open Redirect
The plugin used base64-encoded user input from the appurl parameter, without validation, to redirect users via PHP's header() function, leading to an open redirect. In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64_decode($_GET['appurl']); ... 179:...
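The entry above shows the vulnerable pattern: base64-decode a request parameter and hand the result to header('Location: ...'). The following is an added example, not the Newsletter Manager plugin's code, that places that pattern beside an allow-list check. The permitted hosts, the default target and the test inputs are assumptions; inside WordPress the equivalent is to pass the decoded value through wp_safe_redirect(), which rejects off-site hosts via wp_validate_redirect().

```php
<?php
// Added example, not the Newsletter Manager plugin's code. Shows the unvalidated
// base64 -> Location pattern beside a hardened version that requires an absolute
// http(s) URL on an allow-listed host. Hosts, default target and inputs are assumptions.
declare(strict_types=1);

const ALLOWED_HOSTS  = ['www.example.com', 'example.com'];        // assumption: the site's own hosts
const DEFAULT_TARGET = 'https://www.example.com/newsletter/thanks'; // assumption

// Vulnerable: whatever decodes out of appurl becomes the Location header.
function redirect_target_vulnerable(string $appurl): string {
    return (string)base64_decode($appurl);
}

// Hardened: strict decode, no CR/LF, absolute http(s) URL, host pinned, no userinfo.
function redirect_target_safe(string $appurl): string {
    $decoded = base64_decode($appurl, true);            // strict mode rejects non-base64 input
    if ($decoded === false || $decoded === '' || preg_match('/[\r\n]/', $decoded)) {
        return DEFAULT_TARGET;                          // CR/LF in a header value is header injection
    }
    $parts = parse_url($decoded);
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])     // "//evil" and "javascript:" fail here
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || !in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)
        || isset($parts['user']) || isset($parts['pass'])) {
        return DEFAULT_TARGET;
    }
    return $decoded;
}

// In a request handler the caller would do:
//   header('Location: ' . redirect_target_safe($_GET['appurl'] ?? ''));
//   exit;

// Constructed values an attacker might base64-encode into ?appurl=
$cases = [
    'https://www.example.com/news?id=7',                // legitimate
    'https://evil.example.net/phish',                   // off-site
    '//evil.example.net/phish',                         // scheme-relative; browsers follow it
    'https://www.example.com@evil.example.net/',        // userinfo trick; host is evil.example.net
    "https://www.example.com/\r\nSet-Cookie: x=1",      // header injection attempt
    'javascript:alert(1)',
];
foreach ($cases as $url) {
    $appurl  = base64_encode($url);
    $visible = str_replace(["\r", "\n"], ['\r', '\n'], redirect_target_vulnerable($appurl));
    printf("%-46s vulnerable -> %s\n", str_replace(["\r", "\n"], ['\r', '\n'], $url), $visible);
    printf("%-46s safe       -> %s\n", '', redirect_target_safe($appurl));
}
```

The allow-list is deliberately on the parsed host, not on a string prefix: a prefix check such as strpos($url, 'https://www.example.com') === 0 is defeated by the userinfo form in the fourth case, which parse_url() correctly attributes to evil.example.net.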
VK.com: [0.vk.com] Reflected XSS on the confirmation page.
XSS in old versions of IE on the mobile version of the site, which is available to some carriers. Reflected XSS on the 0.vk.com subdomain. only IE\MTS\Beeline...
orsoft.net XSS vulnerability
Vulnerable URL: http://www.orsoft.net/confirmation
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 31.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 7184520
VIP website status: | No
Check orsoft.net SSL connection: | Grade: B...
Meh : CSRF in Facebook Delegated Account Recovery
Note this is going to be a quick post. This year, at the Enigma 2017 Conference, Facebook introduced a way to move Account Recovery beyond Email and the "Secret" Question. After the presentation they moved operationally and presented the first integration partner: Github. These days I have seen a lot...
phpmywind latest version injection vulnerability, part two
Brief description: Continuing the earlier code audit, similar problems were found elsewhere: variables are concatenated directly into SQL statements without proper filtering, so arbitrary SQL commands can be executed. Details: The vulnerability is at line 689 of member.php: $r = $dosql->GetOne("SELECT checkinfo FROM @goodsorder WHERE username='$cuname' AND id=$id"); The id parameter is placed into the SQL statement without any filtering. Exploitation analysis:...
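The GetOne() query above interpolates $id straight into the SQL text. The following is an added example, not phpmywind's code, that reproduces that query against an in-memory SQLite database to show how a non-numeric id value reads another user's row, and then the parameterised form. It assumes PHP with the pdo_sqlite extension; the table name goodsorder, its rows and the attacker's input are constructed for the demo (the real table name carries a site prefix).

```php
<?php
// Added example, not phpmywind's code. Demonstrates why the unfiltered $id in
// member.php's GetOne() query is exploitable, and a validated, parameterised fix.
// Assumes the pdo_sqlite extension; the goodsorder table and its rows are
// constructed here for the demo.
declare(strict_types=1);

function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE goodsorder (id INTEGER PRIMARY KEY, username TEXT, checkinfo TEXT)');
    $db->exec("INSERT INTO goodsorder VALUES (1, 'bob',   'bob order note')");
    $db->exec("INSERT INTO goodsorder VALUES (2, 'alice', 'alice order note')");
    return $db;
}

// Vulnerable: mirrors the page's string-concatenated query; $id is interpolated verbatim.
function get_checkinfo_vulnerable(PDO $db, string $cuname, string $id): ?string {
    $sql = "SELECT checkinfo FROM goodsorder WHERE username='$cuname' AND id=$id";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);   // GetOne() equivalent: first row only
    return $row === false ? null : $row['checkinfo'];
}

// Fixed: validate the type first, then bind parameters so data never becomes SQL.
function get_checkinfo_safe(PDO $db, string $cuname, string $id): ?string {
    $idInt = filter_var($id, FILTER_VALIDATE_INT);
    if ($idInt === false) {
        return null;   // "0 OR 1=1" is not an integer: rejected before the database is touched
    }
    $stmt = $db->prepare('SELECT checkinfo FROM goodsorder WHERE username = :u AND id = :id');
    $stmt->bindValue(':u', $cuname, PDO::PARAM_STR);
    $stmt->bindValue(':id', $idInt, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['checkinfo'];
}

$db = demo_db();
// AND binds tighter than OR, so the concatenated WHERE clause becomes
// (username='alice' AND id=0) OR 1=1, which is true for every row.
$payload = '0 OR 1=1';

echo "vulnerable, alice with injected id: ", var_export(get_checkinfo_vulnerable($db, 'alice', $payload), true), PHP_EOL;
echo "safe, alice with injected id:       ", var_export(get_checkinfo_safe($db, 'alice', $payload), true), PHP_EOL;
echo "safe, alice with her own id 2:      ", var_export(get_checkinfo_safe($db, 'alice', '2'), true), PHP_EOL;
echo "safe, alice asking for bob's id 1:  ", var_export(get_checkinfo_safe($db, 'alice', '1'), true), PHP_EOL;
```

Because GetOne() returns only the first matching row, the injected clause does not need UNION or subqueries to leak data: it simply widens the match so that bob's record comes back to a request made as alice. The fix validates before binding rather than relying on PDO::PARAM_INT alone, since integer coercion of a string such as "1 OR 1=1" silently yields 1 instead of an error.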
Fyblogs website management system vulnerability - vulnerability warning - the black bar safety net
Backend universal password: 'or'='or'. The backend file manager can be bypassed with a traversal path, allowing directories outside the upload folder to be browsed and leaking information. admin/uploadfile.asp?currentFolder=/upfiles/../ Proof of vulnerability: Google: inurl:type.asp?id=1 News Center Or: inurl:downloadok...