CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

CVE-2025-10764

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

CVE-2025-10764

CVE-2025-10764 affects SeriaWei ZKEACMS up to 4.3, specifically the Edit function in Event Action System at src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs. The vulnerability stems from manipulation of the Data argument, enabling server-side request forgery (SSRF) from remote attacke...

CVE-2025-10764 SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

CVE-2025-10764 SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

PowerPanel Business Edition - Cross-Site Scripting

Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Version: 3.4.0 Tested on: Ubuntu 16.04 CVE : Pending CyberPower PowerPanel Business Edition...

PowerPanel Business Edition 3.4.0 Cross Site Scripting

Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Software Link: https://dl4jz3rbrsfum.cloudfront.net/software/ppbe340-linux-x8664.sh Version:...

CVE-2018-10620

AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for cod...

CVE-2017-16906

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...

Sql injection

Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the 1 articleid parameter to view.php and the 2 a parameter in an event action to calendar.php, reachable through index.php...

CVE-2008-7018

Cross-site scripting XSS vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field descr parameter in an Add New Event action in an unspecified request as generated by an add action in index.php...

CVE-2008-2012

SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action...