
28 matches found

NVD
added 4 days ago, 6 views

CVE-2026-5074

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

CVSS: 6.5 | EPSS: 0.00026
Exploits: 1 | References: 2
Cvelist
added 4 days ago, 23 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

CVSS: 6.5 | EPSS: 0.00026
Exploits: 1 | References: 2
Positive Technologies
added 4 days ago, 6 views

PT-2026-45845

Name of the Vulnerable Software and Affected Versions: ARMember Premium versions prior to 7.3.2. Description: An SQL Injection issue exists in the ARMember Premium plugin for WordPress. The get private content data AJAX action fails to properly sanitize the sSortDir_0 parameter, which is concatenate...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00026
Exploits: 1 | References: 5
Cvelist
added 2026/02/05 4:13 p.m., 24 views

CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

CVSS: 8.6 | EPSS: 0.00035
Exploits: 1 | References: 3
OSV
added 2025/12/19 7:16 a.m., 2 views

CVE-2025-66496

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...

CVSS: 7.8 | AI score: 5.8
Exploits: 0 | References: 1
NVD
added 2025/10/23 5:15 a.m., 3 views

CVE-2025-54856

Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page...

CVSS: 4.8 | EPSS: 0.00024
Exploits: 0 | References: 3
Japan Vulnerability Notes
added 2025/10/22 4:54 a.m., 5 views

Multiple stored cross-site scripting vulnerabilities in Movable Type

Overview: Movable Type provided by Six Apart Ltd. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit ContentData page (CWE-79) - CVE-2025-54856; Stored cross-site scripting vulnerability in Edit CategorySet of ContentType page...

CVSS: 4.8 | AI score: 6.1 | EPSS: 0.00024
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/22 9:0 p.m., 2 views

CVE-2021-20813

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vector...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00347
Exploits: 0 | References: 1
CNNVD
added 2025/03/06 12:0 a.m., 1 view

SAMSUNG Notes Security Vulnerability

Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. Samsung Notes suffers from an out-of-bounds read vulnerability, which arises from an out-of-bounds read when the base content extra data is applied, and can be...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00232
Exploits: 0 | References: 2
NVD
added 2024/02/02 4:15 p.m., 8 views

CVE-2024-24029

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.00061
Exploits: 1 | References: 1
OSV
added 2024/02/02 4:15 p.m., 11 views

CVE-2024-24029

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

CVSS: 9.8 | AI score: 7.8
Exploits: 0 | References: 1
Prion
added 2024/02/02 4:15 p.m., 19 views

SQL injection

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00061
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2024/02/02 12:0 a.m., 9 views

CVE-2024-24029

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data...

AI score: 10 | EPSS: 0.00061
Exploits: 1 | References: 1
CNNVD
added 2024/02/02 12:0 a.m., 1 view

JFinalCMS Security Vulnerability

JFinalCMS is a content management system by the individual developer heyewei. JFinalCMS version 5.0.0 was discovered to contain an SQL injection vulnerability via /admin/content/data...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.00061
Exploits: 1 | References: 2
CNNVD
added 2023/12/14 12:0 a.m., 1 view

JFinalCMS Cross-Site Scripting Vulnerability

JFinalCMS is a content management system by the individual developer heyewei. A cross-site scripting (XSS) vulnerability exists in JFinalCMS version 5.0.0, which stems from an XSS flaw in Content data...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00193
Exploits: 1 | References: 2
Snyk
added 2023/01/29 3:29 p.m., 1 view

Malicious Package

Overview: @nelio-content/data is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

CVSS: 9.8 | AI score: 7.1
Exploits: 0 | References: 3
OSV
added 2021/08/26 2:15 a.m., 0 views

CVE-2021-20813

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vector...

CVSS: 6.1 | AI score: 6.5
Exploits: 0 | References: 2
NVD
added 2021/08/26 2:15 a.m., 10 views

CVE-2021-20813

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vector...

CVSS: 6.1 | EPSS: 0.00347
Exploits: 0 | References: 2
Prion
added 2021/08/26 2:15 a.m., 15 views

Cross site scripting

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vector...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00347
Exploits: 0 | References: 2 | Affected Software: 1
UbuntuCve
added 2021/08/26 2:15 a.m., 23 views

CVE-2021-20813

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vector...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00347
Exploits: 0 | References: 3