Lucene search
51 matches found

Cvelist
added 2026/05/27 12:15 a.m. | 27 views

CVE-2026-9608 QianFox FoxCMS Administrator Backend edit cross site scripting

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 4.8 | EPSS 0.00032
Exploits: 0 | References: 5

CNNVD
added 2026/05/27 12:0 a.m. | 4 views

FoxCMS Authorization Issue Vulnerability

FoxCMS is a content management system provided by FoxCMS Company in China, available for free commercial use and open source. Versions of FoxCMS 1.2.6 and earlier have a licensing issue vulnerability, which stems from a weak password recovery vulnerability in the Edit function of the Admin.php fi...

CVSS 5.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 5

Microsoft CVE
added 2026/05/17 8:1 a.m. | 5 views

Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

...

CVSS 7.2 | AI score 5.8 | EPSS 0.00029
Exploits: 1

Cvelist
added 2026/04/30 1:16 p.m. | 22 views

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

EPSS 0.00029
Exploits: 1 | References: 2

CVE
added 2026/04/14 1:39 a.m. | 9 views

CVE-2026-34225

Open WebUI vulnerability CVE-2026-34225 affects the Open WebUI self-hosted AI platform (offline). Versions ≤ 0.7.2 expose a Blind Server Side Request Forgery in the image-edit workflow: a GET request to a user-supplied URL with no domain restrictions, enabling access to the local address space. B...

CVSS 4.3 | AI score 5.7 | EPSS 0.00036
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/02 12:0 a.m. | 3 views

PT-2026-29800

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used...

CVSS 6.5 | AI score 6.4 | EPSS 0.00376
Exploits: 1 | References: 5

EUVD
added 2026/02/01 12:15 p.m. | 1 views

EUVD-2021-34762

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack us...

CVSS 6.4 | AI score 6.1 | EPSS 0.00021
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/09 12:0 a.m. | 3 views

PT-2025-45582

Name of the Vulnerable Software and Affected Versions: qianfox FoxCMS versions up to 1.2.16. Description: A cross-site scripting issue exists in the add/edit function of the app/admin/controller/Product.php file. Manipulation of the Title argument can trigger this issue. The attack can be initiated...

CVSS 4.8 | AI score 5.5 | EPSS 0.00043
Exploits: 1 | References: 12

OSV
added 2025/10/27 3:15 p.m. | 0 views

CVE-2025-12288

A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edituser/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is no...

CVSS 8.8 | AI score 5.5 | EPSS 0.00039
Exploits: 1 | References: 4

Positive Technologies
added 2025/10/08 12:0 a.m. | 3 views

PT-2025-41235

Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions through 1.9.3. Description: A flaw exists in JhumanJ OpnForm that could allow for improper access controls. The issue is related to manipulation of an unknown function within the /edit endpoint. The exploit has been...

CVSS 5.3 | AI score 4.5 | EPSS 0.0003
Exploits: 1 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-41564

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00085
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-28393

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00221
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-29305

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 1

CVE
added 2025/09/23 7:2 a.m. | 8 views

CVE-2025-10846

Portabilis i-Educar up to version 2.10 has a SQL injection vulnerability in the file /module/ComponenteCurricular/edit caused by manipulation of the ID parameter. The flaw can be exploited remotely and the exploit has been publicly disclosed. Multiple sources corroborate the issue across CVE reco...

CVSS 8.8 | AI score 6.5 | EPSS 0.00043
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/09/14 5:15 a.m. | 2 views

CVE-2025-10390

A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made...

CVSS 8.8 | EPSS 0.00184
Exploits: 0 | References: 4

NVD
added 2025/08/11 1:15 p.m. | 6 views

CVE-2025-8847

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS 5.4 | EPSS 0.00056
Exploits: 1 | References: 5

Vulnrichment
added 2025/05/23 2:31 p.m. | 11 views

CVE-2025-5114 easysoft zentaopms Editor index.php edit deserialization

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...

CVSS 6.5 | AI score 6.5 | EPSS 0.00221
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 3:17 a.m. | 3 views

CVE-2023-27923

Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVSS 5.4 | AI score 6.5 | EPSS 0.00466
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/23 12:0 a.m. | 1 views

PT-2025-22798

Name of the Vulnerable Software and Affected Versions: easysoft zentaopms version 21.5 20250307. Description: A critical issue has been discovered that affects the Edit function of the component Committer. The issue is related to the manipulation of the filePath argument in the...

CVSS 9.1 | AI score 6.4 | EPSS 0.00221
Exploits: 1 | References: 9

RedhatCVE
added 2025/02/05 3:34 a.m. | 5 views

CVE-2024-45715

The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements...

CVSS 7.1 | AI score 6.3 | EPSS 0.00085
Exploits: 0 | References: 1