15 matches found
PT-2026-33925
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...
EUVD-2024-44043
Malicious code in bioql PyPI...
EUVD-2025-5476
Malicious code in bioql PyPI...
EUVD-2024-32657
Malicious code in bioql PyPI...
EUVD-2024-27866
Malicious code in bioql PyPI...
EUVD-2024-51579
Malicious code in bioql PyPI...
CVE-2025-5686
The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-0837
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...
CVE-2024-27625
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting XSS. This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...
CVE-2023-3933 Your Journey <= 1.9.8 - Prototype Pollution to Reflected Cross-Site Scripting
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress themify themes File Upload Vulnerability
all theme suffer of File Upload Vulnerability. all whitout autoritation can upload malicious code to all themify theme Usage Info prof of concept: code not properly sanitized at get function: function themifyupload if!empty$FILES if!isset$POST'target' || $POST'target' == '' $target =...
GScripts.net DNS Tools 'dig.php' Remote Command Execution Vulnerability
GScripts.net DNS Tools is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the computer. OpenVAS Vulnerability Test $Id: GScriptscve20091361.nasl 5767...
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
source: https://www.securityfocus.com/bid/23499/info News Manager Deluxe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. This issue affects News...
Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections
Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections source: https://www.securityfocus.com/bid/21398/info Aspee Ziyaretçi Defteri is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query...
MyBB index.php 'referrer' Parameter SQLi
The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'referrer' parameter before using it in the globals.php script. A remote attacker can exploit this issue to manipulate SQL queries, resulting in...