PT-2026-30674

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...

Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009

This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...

CVE-2021-47915

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

CVE-2021-47915

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

CVE-2021-47915 PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

EUVD-2021-34756

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

CVE-2021-47915

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

PT-2026-5560

Name of the Vulnerable Software and Affected Versions PHP Melody version 3.0 Description PHP Melody version 3.0 has a remote SQL injection issue in the video edit module. Authenticated attackers can inject malicious SQL commands through the unvalidated vid parameter. Successful exploitation allow...

CVE-2025-11421 code-projects Voting System candidates_edit.php cross site scripting

A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidatesedit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has be...

EUVD-2015-6690

Malware in sbrugna...

EUVD-2022-0877

Malicious code in bioql PyPI...

EUVD-2025-27622

Malicious code in bioql PyPI...

CVE-2025-10846

A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2025-10234

A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /datapointedit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can be launched remotely...

CVE-2025-10011

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made availabl...

CVE-2025-10011 Portabilis i-Educar edit sql injection

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made availabl...

CVE-2025-10011 Portabilis i-Educar edit sql injection

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made availabl...

CVE-2025-9684 Portabilis i-Educar Formula de Cálculo de Média edit sql injection

A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The...

Microweber CMS 安全漏洞

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflective cross-site scripting in the id parameter in the liveedit.modulesettings API endpoint, which could lead to arbitrary JavaScript...

CVE-2015-6753

Multiple cross-site scripting XSS vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an 1 entity title, related to in-place editing, or a 2 node title...