CVE-2025-13528
CVE-2025-13528 concerns the WordPress plugin Feedback Modal for Website. The vulnerability is an unauthenticated data export exposure via the export_data parameter, caused by a missing capability check on the handle_export function in all versions up to and including 1.0.1. Mult...
PT-2025-49215
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_export' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV o...
PT-2025-48069
Name of the Vulnerable Software and Affected Versions: SIGB PMB version 8.0.1.14. Description: The software contains multiple SQL injection flaws in the /opac_css/ajax_selector.php component. These flaws are triggered through the id and datas parameters. The component is susceptible to manipulation...
CVE-2022-50594 Advantech iView < v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitati...
PT-2025-45369
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitati...
CVE-2025-10701
The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-10701
The Time Clock WordPress plugin is affected by CVE-2025-10701: a stored cross-site scripting vulnerability in the data parameter, present in all versions up to 1.3.1 due to insufficient input sanitization/output escaping. Exploitation requires authenticated access with Time Clock user credentials...
CVE-2025-10701 Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting
The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
PT-2025-43585
Name of the Vulnerable Software and Affected Versions: The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress versions prior to 1.3.2. Description: The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping of...
CVE-2025-11506 PHPGurukul Beauty Parlour Management System search-appointment.php SQL injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in SQL injection. It is possible to launch the attack remotely. The...
EUVD-2014-0003
Malware in sbrugna...
EUVD-2020-3890
Malware in sbrugna...
EUVD-2018-8002
Malware in sbrugna...
EUVD-2022-38050
Malicious code in bioql PyPI...
EUVD-2025-25179
Malicious code in bioql PyPI...
ZKEACMS code issue vulnerability
ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A code issue vulnerability exists in ZKEACMS 4.3 and earlier versions, which stems from incorrect manipulation of the parameter Data in the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.c...
SQL Injection
moonshine/moonshine is vulnerable to SQL injection. The vulnerability is due to improper handling of the Data parameter in the Blog module, which allows an attacker to inject malicious SQL queries...
CVE-2025-41032
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...