22 matches found
CVE-2026-38428
Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...
CVE-2026-36766
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
PT-2026-20510
Name of the Vulnerable Software and Affected Versions: MajorDoMo (affected versions not specified). Description: An include order bug in modules/panel.class.php allows execution to continue past a redirect call that lacks an exit statement. This enables unauthenticated requests to reach the ajax handl...
EUVD-2020-16452
Malware in sbrugna...
CVE-2025-55420
A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...
CVE-2023-30280
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page...
CVE-2020-28070
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in viewevent.php via the 'id' parameter...
NETGEAR WG302v2 Injection Vulnerability
The NETGEAR WG302v2 is a wireless access point from NETGEAR. The NETGEAR WG302v2 suffers from a command injection vulnerability that stems from the uigetinputvalue function parameter host failing to properly filter constructor command special characters, commands, and so on. No details of the...
NETGEAR R6900 and NETGEAR R6700v3 Security Vulnerability
NETGEAR R6900 and NETGEAR R6700v3 are both products of NETGEAR, Inc. NETGEAR R6900 is a wireless router. NETGEAR R6700v3 is a router. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in the NETGEAR R6900 and NETGEAR R6700v3...
SUSE CVE-2006-5444
Integer overflow in the getinput function in the Skinny channel driver chanskinny.c in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads t...
CVE-2022-1170
In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is an XSS vulnerability as the input for the search form is provided through unsanitized GET requests...
CVE-2020-23711
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php...
SQL injection
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in viewevent.php via the 'id' parameter...
WordPress History Collection <=1.1.1 Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress History Collection <=1.1.1 Arbitrary File Download Google Dork: inurl:plugins/history-collection Date: 10/06/2015 Exploit Author: Kuroi'SH Software Link: https://wordpress.org/plugins/history-collection/ Version: <=1.1.1...
WordPress Plugin History Collection 1.1.1 - Arbitrary File Download
Exploit Title: Wordpress History Collection <=1.1.1 Arbitrary File Download Google Dork: inurl:plugins/history-collection Date: 10/06/2015 Exploit Author: Kuroi'SH Software Link: https://wordpress.org/plugins/history-collection/ Version: <=1.1.1 Tested on: Linux I-Description: Wordpress history...
Out-of-Bounds
Overview: Affected versions of this package are vulnerable to Out-of-Bounds. The getinputtoken function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafte...