
65 matches found

RedhatCVE
added 2026/03/26 3:3 p.m. | 1 view

CVE-2026-32888

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...

CVSS 8.8 | AI score 6.2 | EPSS 0.00035
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/20 2:14 a.m. | 3 views

CVE-2026-32888 Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...

CVSS 8.8 | AI score 6.2 | EPSS 0.00035
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:42 a.m. | 3 views

CVE-2022-26111

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search or editing an existing/predefined search of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in t...

CVSS 9 | AI score 8.1 | EPSS 0.07371
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:32 a.m. | 6 views

CVE-2017-18494

The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues...

CVSS 6.1 | AI score 6.2 | EPSS 0.00104
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/20 8:14 p.m. | 9 views

CVE-2025-14966

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVSS 7.2 | AI score 4.9 | EPSS 0.00033
Exploits: 1 | References: 1
OSV
added 2025/12/19 8:15 p.m. | 3 views

CVE-2025-14966

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVSS 7.2 | AI score 4.9
Exploits: 0 | References: 6
ATTACKERKB
added 2025/12/19 7:32 p.m. | 2 views

CVE-2025-14966

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVSS 7.2 | AI score 5.3 | EPSS 0.00033
Exploits: 1 | References: 6
Cvelist
added 2025/12/19 7:32 p.m. | 23 views

CVE-2025-14966 FastAdmin Backend Controller Backend.php selectpage sql injection

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVSS 5.8 | EPSS 0.00033
Exploits: 1 | References: 6
CVE
added 2025/12/19 7:32 p.m. | 11 views

CVE-2025-14966

FastAdmin vulnerability (CVE-2025-14966) affects FastAdmin up to version 1.7.0.20250506. The issue is in Backend Controller’s selectpage function (application/common/controller/Backend.php) where manipulating the custom/searchField parameter can trigger an SQL injection. It can be exploited remot...

CVSS 7.2 | AI score 4.9 | EPSS 0.00033
Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2025/12/19 12:0 a.m. | 2 views

PT-2025-52509

Name of the Vulnerable Software and Affected Versions: FastAdmin versions prior to 1.7.0.20250506. Description: A flaw exists in FastAdmin up to version 1.7.0.20250506. The issue is located within the selectpage function of the Backend.php file in the Backend Controller component. Manipulation of th...

CVSS 7.2 | AI score 5.1 | EPSS 0.00033
Exploits: 1 | References: 12
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2014-7720

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00201
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-8161

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00253
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-9610

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00104
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-8576

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00335
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-34779

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.4 | EPSS 0.00187
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 1:58 p.m. | 11 views

CVE-2014-7870

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to...

CVSS 3.5 | AI score 5.5 | EPSS 0.00201
Exploits: 0 | References: 1
PyPA
added 2024/07/11 4:15 p.m. | 5 views

PYSEC-2024-86

Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedl...

CVSS 6.5 | AI score 6.8 | EPSS 0.00329
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2024/06/21 12:0 a.m. | 1 view

WordPress plugin Google CSE security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.8 | AI score 6.8 | EPSS 0.00085
Exploits: 2 | References: 2
Patchstack
added 2024/06/06 7:6 a.m. | 4 views

WordPress Google CSE plugin <= 1.0.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Google CSE versions <= 1.0.7...

CVSS 4.8 | AI score 6.1 | EPSS 0.00085
Exploits: 2 | References: 1 | Affected Software: 1
WPVulnDB
added 2024/05/15 12:0 a.m. | 9 views

WPCS ( WordPress Custom Search ) <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description: The WPCS WordPress Custom Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.9 | AI score 5.9 | EPSS 0.00187
Exploits: 0 | References: 1