19 matches found
CVE-2025-70128
Summary: CVE-2025-70128 describes a Stored XSS in PluXml, affecting versions up to 5.8.22, in the article comments feature. Affected component: PluXml core/admin/comments.php. Root cause: User-supplied input in the comment’s link field is not properly sanitized/validated, allowing malicious [remo...
CVE-2026-22444
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
EUVD-2010-4871
Malware in sbrugna...
EUVD-2021-25043
Malware in sbrugna...
EUVD-2023-56743
Malicious code in bioql PyPI...
MAL-2025-26639 Malicious code in mongodb-stitch-core-admin-client (npm)
The package mongodb-stitch-core-admin-client was found to contain malicious code...
CVE-2025-3325
A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attac...
PluXml security vulnerability
PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version v5.8.16 and earlier versions, which stems from a Remote Code Execution (RCE) vulnerability in the...
CVE-2023-52064
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php...
Sql injection
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php...
CVE-2022-24587
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...
UBUNTU-CVE-2022-24585
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter...
UBUNTU-CVE-2022-24587
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML...
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. Recent assessments: nu11secur1ty at August 13, 2021 11:57am UTC reported: Link: Vulnerability parameter in profil.php “idcontent” NOTE: The same problem is in the demo account in the online version Proof: Assessed...
CVE-2017-11736
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter...
CVE-2017-9443
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...
podcast generator <= 1.2 globals[] Multiple Vulnerabilities
No description provided by source. Podcast Generator <= 1.2 GLOBALS Multiple Remote Vulnerabilities, by staker - stakerathotmaildotit / http://zeroidentity.org. Remote/Local Arbitrary File...
Podcast Generator <= 1.2 GLOBALS[] Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. Podcast Generator RFI | magic_quotes_gpc=off -- LFI...