CVE-2026-48227 Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning and escaping of Field parameters in the GroupPropsFormRowOps.php file, which could lead to SQL injection...

CVE-2026-33013

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

CVE-2026-33013

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

CVE-2025-15440

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-15440

The affected product is the WordPress plugin iONE360 configurator . It is vulnerable to a Stored Cross‑Site Scripting (XSS) in the Contact Form parameters in all versions up to and including 2.0.57 , caused by insufficient input sanitization and output escaping. This allows unauthenticated attack...

CVE-2025-15440 iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-15440

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-15440 iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2022-38615

SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:jid88, UserForm:jid90, and UserForm:jid92 parameters at /SVFE2/pages/feegroups/servicegroup.jsf...

CVE-2024-41596

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 in the Vigor management UI because of improper retrieval and handling of the CGI form parameters...

CVE-2024-46334

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...

AndSoft e-TMS Cross-Site Scripting Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

EUVD-2019-16522

Malware in sbrugna...

EUVD-2011-4940

Malware in sbrugna...

EUVD-2006-6554

Malware in sbrugna...

EUVD-2025-32147

Malicious code in bioql PyPI...

EUVD-2025-32154

Malicious code in bioql PyPI...

CVE-2025-59773

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59770

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...