48 matches found
CVE-2026-11510
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2026-42096
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...
CVE-2026-40840
CVE-2026-40840 describes an unauthenticated SQL Injection in the VerifyCreateLicences function. An attacker with low privileges and remote access can exploit improper neutralization of elements in a SQL SELECT command, leading to total confidentiality loss. Documents consistently cite a SQLi in V...
CVE-2021-47951
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...
CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
CVE-2021-47948
The CVE-2021-47948 entry concerns WordPress GetPaid Plugin 2.4.6 with an HTML-injection vulnerability. It allows authenticated attackers to inject arbitrary HTML via the Help Text field in payment forms, with the injected HTML stored in the database and executed in the browser when the form is vi...
EUVD-2026-20643
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...
CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...
CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
Jsish 安全漏洞
Jsish is a small JavaScript parser written in C with a built-in database by the pcmacdon individual developer. A security vulnerability exists in Jsish version 2.0 that stems from type confusion and could lead to a crash or code execution...
CVE-2025-65592
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...
CVE-2025-65592
CVE-2025-65592 affects nopCommerce 4.90.0. The vulnerability is a Cross Site Scripting (XSS) issue in the product management functionality, where malicious payloads entered into the Product Name and Short Description fields are stored in the backend database and then executed when affected pages ...
PT-2025-43698
Name of the Vulnerable Software and Affected Versions Bitcoin Core versions through 29.0 Description The software is susceptible to an issue involving uncontrolled resource consumption. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-43697
Name of the Vulnerable Software and Affected Versions Bitcoin Core versions through 29.0 Description The software is susceptible to Uncontrolled Resource Consumption. As of October 25, 2025, the identifier CVE-2025-54604 is not a valid identifier and is not included in the National Vulnerability...
CVE-2025-9914
CVE-2025-9914 involves credentials stored in the system’s local database that can be used for login, potentially granting unauthorized access and affecting confidentiality. Connected documents identify SICK products (e.g., SICK AG Baggage Analytics) as affected, with the root cause described as l...
EUVD-2025-25215
Malicious code in bioql PyPI...
EUVD-2025-25031
Malicious code in bioql PyPI...
CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting XSS vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...
Linux Distros Unpatched Vulnerability : CVE-2018-12482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. CVE-2018-12482 Note that...