19 matches found
EUVD-2026-20823
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly...
Samsung QuramDng Out-Of-Bounds Write
Samsung QuramDng has an invalid LossyJpeg component assumption that leads to an out-of-bounds write. BACKGROUND Samsung Android uses an internal DNG decoding library, QuramDng in libimagecodec.quram.so, to decode images in com.samsung.ipservice and com.samsung.gallery3d. Samsung Gallery will deco...
CVE-2025-11102
CVE-2025-11102 affects Campcodes Online Learning Management System (v1.0). A vulnerability in an unknown function within /admin/edit_content.php allows manipulation of the Title parameter to trigger SQL injection. Exploitation can be conducted remotely, and public exploits are noted. Several sour...
CVE-2025-11077 Campcodes Online Learning Management System add_content.php SQL injection
A vulnerability was determined in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/addcontent.php. Executing manipulation of the argument Title can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclose...
pentest_compilation
It is an offensive tool for Windows. The repository contains a compilation of commands, tips, and scripts used for penetration testing and red teaming exercises. The provided code snippet is an XML file named "detalle.SettingContent-ms" located in the "Phishing" directory. This file appears to be...
SourceCodester Simple Company Website Security Vulnerability
SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. A security vulnerability exists in SourceCodester Simple Company Website version 1.0, which originates from an unrestricted upload due to incorrect manipulation of the parameter img in the file...
CVE-2024-25297
Cross-site scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php...
Bludit Security Breach
Bludit is an open source lightweight blog content management system (CMS). A security vulnerability exists in Bludit CMS version 3.15, which stems from a cross-site scripting (XSS) vulnerability in the file edit-content.php...
PT-2023-31985 · Huakecms · Huakecms
Name of the Vulnerable Software and Affected Versions: huakecms version 3.0 Description: A critical vulnerability was found in huakecms, affecting an unknown functionality of the file /admin/cms content.php. The manipulation of the cid argument leads to SQL injection. The attack can be launched...
GHSA-275C-V3RC-XGHX Kirby XSS Vulnerability
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...
Kirby XSS Vulnerability
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "ContentFile Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS...
Microsoft Windows: Turn off Search Companion content file updates
This test checks the setting for policy OpenVAS Vulnerability Test $Id: wincontentfileupdates.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Turn off Search Companion content file updates Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...
CVE-2017-16807
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...
CVE-2017-16807
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...
Kirby CMS 2.5.7 - Cross-Site Scripting
Kirby CMS 2.5.7 - Cross-Site Scripting Exploit Title: KirbyCMS 2.5.7 Stored Cross Site Scripting Vendor Homepage: https://getkirby.com/ Software Link: https://getkirby.com/try Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince...
CVE-2017-8876
CVE-2017-8876 affects Symphony CMS v2.6.11, where an XSS flaw exists in the user-controlled input of the meta[navigation_group] parameter handled by content/content.blueprintssections.php. The vulnerability enables injection of script/HTML in affected pages, consistent with cross-site scripting d...
CVE-2009-2331
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to adminsettings.php or (2) into a content/=NUMBER.php file via the title parameter to adminnew.php...