CVE-2019-25536 Netartmedia PHP Real Estate Agency 4.0 SQL Injection via features parameter

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

CVE-2019-25536

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

CVE-2019-25534 Netartmedia PHP Car Dealer SQL Injection via features parameter

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features parameter...

CVE-2019-25534

CVE-2019-25534 affects Netartmedia PHP Car Dealer. An SQL injection allows unauthenticated attackers to submit crafted SQL via the features[] parameter in POST requests to index.php, enabling extraction of sensitive database information or manipulation of queries. CVSS scores indicate high severi...

CVE-2019-25534 Netartmedia PHP Car Dealer SQL Injection via features parameter

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features parameter...

CVE-2019-25534

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features parameter...

Open Redirect

Overview @backstage/plugin-auth-backend is an A Backstage backend plugin that handles authentication Affected versions of this package are vulnerable to Open Redirect via the OAuth redirect URI validation bypass. An attacker can intercept authorization codes by crafting a redirect URI that bypass...

PT-2026-24994

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features parameter...

Netartmedia PHP Car Dealer SQL注入漏洞

Netartmedia PHP Car Dealer is a website system for car dealers operated by the Bulgarian company Netartmedia. Netartmedia PHP Car Dealer has a SQL injection vulnerability; this vulnerability stems from the SQL injection present in the features parameter, which may allow unverified attackers to...

PT-2026-24996

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

Improper Input Validation

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation. Adobe Vulnerability Report:This vulnerability could result in a security feature bypass, with limited impact to integrity. Exploitation of this...

CVE-2026-21294 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...

PT-2026-24698

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

Adobe Commerce 输入验证错误漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a kind of merchants and brands for the world's leading digital commerce solutions. An input validation error vulnerability exists in Adobe Commerce, which can be exploited by an attacker to bypass security features...

CVE-2026-1074

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanitization and output escaping combined with a missing authorization check in the AppBarSettings cla...

CVE-2026-1074 WP App Bar <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanitization and output escaping combined with a missing authorization check in the AppBarSettings cla...

CVE-2026-1074

CVE-2026-1074 concerns the WP App Bar WordPress plugin. It describes a stored cross-site scripting (XSS) vulnerability via the app-bar-features parameter in all versions up to and including 1.5, caused by insufficient input sanitization and output escaping plus a missing authorization check in th...

CVE-2026-1074 WP App Bar <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanitization and output escaping combined with a missing authorization check in the AppBarSettings cla...