PT-2026-41367

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a security vulnerability. This vulnerability stemmed from the lack of authorization for the DELETE /admin/api/content/tags/tagId endpoint. As a result, any...

EUVD-2018-11242

Malware in sbrugna...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-1202)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1202 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...

Malicious code in content-tags (npm)

The package content-tags was found to contain malicious code...

MAL-2025-17513 Malicious code in content-tags (npm)

The package content-tags was found to contain malicious code...

Interspire Email Marketer SQL Injection Vulnerability (CNVD-2018-26787)

BigCommerec Interspire Email Marketer IEM is a suite of email marketing software from BigCommerec, USA. A SQL injection vulnerability exists in the 'delete tags' function of the Dynamiccontenttags.php file in BigCommerec IEM 6.1.6 and earlier versions. A remote attacker can exploit this...

XSS vulnerability in space key, particularly with decorators off

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-20865. panel As discovered while looking at CONF-20667, Confluence stores the space key unencoded in a content tag. Considerable...