CVE-2022-0591

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...

CVE-2025-12266

CVE-2025-12266 affects Zytec Dalian Zhuoyun Technology Central Authentication Service. The vulnerability is in the function _empty of /index.php/auth/widget; manipulation of the parameters get.layer, get.widget, and get.action can trigger remote code injection. The exploit is public and can be us...

Zytec Central Authentication Service 代码注入漏洞

Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...

Lingdang CRM SQL注入漏洞

Lingdang CRM Lingdang CRM is a customer relationship management system from China Lingdang Lingdang company. A SQL injection vulnerability exists in Lingdang CRM 8.6.4.3 and earlier versions, which originates from the parameter userid in the file...