11 matches found
CVE-2026-1923
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2021-24800
Malware in sbrugna...
EUVD-2022-34014
Malicious code in bioql PyPI...
CVE-2025-3862
CVE-2025-3862 affects the WordPress plugin Contest Gallery (versions up to 26.0.6). The root cause is insufficient input sanitization and output escaping for the id parameter, enabling Stored XSS by an authenticated attacker with Contributor+ privileges. Impact per available docs: injected script...
Projectworlds Free Download Online Shopping System SQL Injection Vulnerability
Projectworlds Free Download Online Shopping System is an online shopping system from Projectworlds India. Projectworlds Free Download Online Shopping System 192.168.1.88 and earlier versions have a SQL injection vulnerability that stems from a SQL injection vulnerability in the parameter id...
Medicine Tracker System SQL Injection Vulnerability
Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A SQL injection vulnerability exists in Medicine Tracker System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to an SQL injection...
Automotive Shop Management System SQL Injection Vulnerability
Automotive Shop Management System is an automotive shop management system by Carlo Montero, an individual developer. A security vulnerability exists in Automotive Shop Management System version v1.0, which originates from an SQL injection via the id parameter in /services/viewservice.php...
CVE-2022-26268
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php...
SQL Injection Vulnerability in the id Parameter of Nanchangwei.com Electronic Newspaper System
"VNN Digital Newspaper" is a professional software product for digitizing newspapers, which can provide a perfect solution for paper newspapers to go online. It allows the original newspaper layout to be quickly and easily presented to readers through the Internet. There exists a SQL injection...
SQL injection vulnerability in the id parameter in Ticketmaster ERP web-based ticketing system /flight/refund_update.aspx?id=.
Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...
CVE-2005-4387
Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter...