47 matches found

NVD
added yesterday, 6 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1 CVSS
Exploits 0, References 2
ATTACKERKB
added yesterday, 5 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1 CVSS, 6.1 AI score
Exploits 0, References 3
NVD
added 2026/05/18 4:16 a.m., 22 views

CVE-2026-8785

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5 CVSS, 0.00254 EPSS
Exploits 0, References 5
RedhatCVE
added 2026/01/30 3:24 a.m., 15 views

CVE-2026-1552

A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be...

9.8 CVSS, 5.7 AI score, 0.00343 EPSS
Exploits 1, References 1
EUVD
added 2026/01/29 12:2 a.m., 4 views

EUVD-2026-4971

A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be...

6.5 CVSS, 5.7 AI score, 0.00343 EPSS
Exploits 1, References 4
Cvelist
added 2026/01/29 12:2 a.m., 33 views

CVE-2026-1552 SEMCMS SEMCMS_Info.php sql injection

A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be...

6.5 CVSS, 0.00343 EPSS
Exploits 1, References 4
Vulnrichment
added 2026/01/29 12:2 a.m., 6 views

CVE-2026-1552 SEMCMS SEMCMS_Info.php sql injection

A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be...

6.5 CVSS, 5.7 AI score, 0.00343 EPSS
Exploits 1, References 4
EUVD
added 2025/12/31 12:31 a.m., 3 views

EUVD-2025-205861

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without...

9.8 CVSS, 6.4 AI score, 0.00505 EPSS
Exploits 1, References 3
NVD
added 2025/10/27 8:15 p.m., 3 views

CVE-2025-12313

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

9.8 CVSS, 0.035 EPSS
Exploits 1, References 5
Cvelist
added 2025/10/06 12:32 p.m., 7 views

CVE-2025-11335 D-Link DI-7100G C1 jhttpd msp_info.htm sub_46409C command injection

A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out...

5.8 CVSS, 0.04755 EPSS
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-26152

Malicious code in bioql PyPI...

9.8 CVSS, 7.5 AI score, 0.00387 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/09/15 2:32 a.m., 11 views

CVE-2025-10332

A vulnerability was found in cdevroe unmark up to 1.9.3. Impacted is an unknown function of the file application/views/marks/info.php. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public...

5.4 CVSS, 5.4 AI score, 0.00244 EPSS
Exploits 1, References 1
CVE
added 2025/09/13 2:2 a.m., 16 views

CVE-2025-10332

CVE-2025-10332 affects the Unmark to-do list app (cdevroe unmark) up to version 1.9.3. The vulnerability is a cross-site scripting flaw in the Title parameter used in application/views/marks/info.php. Exploitation can be performed remotely; multiple sources state the exploit is publicly available...

5.4 CVSS, 5.2 AI score, 0.00244 EPSS
Exploits 1, References 3, Affected Software 1
Positive Technologies
added 2025/08/29 12:0 a.m., 3 views

PT-2025-35156

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Apartment Management System 1.0. The issue is located in the file /o dashboard/rented all info.php. Manipulation of the uid argumen...

9.8 CVSS, 7.6 AI score, 0.00387 EPSS
Exploits 1, References 12
NVD
added 2025/08/27 4:16 a.m., 5 views

CVE-2025-9507

A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitorinfo.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to th...

9.8 CVSS, 0.00387 EPSS
Exploits 1, References 5
VulnCheck KEV
added 2025/06/23 12:0 a.m., 2 views

VulnCheck KEV: CVE-2019-17574

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt...

9.1 CVSS, 5.8 AI score, 0.09232 EPSS
Exploits 2, References 1
Cvelist
added 2025/06/04 3:0 a.m., 10 views

CVE-2025-5556 PHPGurukul Teacher Subject Allocation Management System edit-teacher-info.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack...

6.5 CVSS, 0.00318 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/05/23 8:22 a.m., 10 views

CVE-2024-1199

A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument atenid leads to denial of service. The...

7.5 CVSS, 6.8 AI score, 0.00689 EPSS
Exploits 0, References 1
CNNVD
added 2025/05/16 12:0 a.m., 3 views

Projectworlds Hospital Database Management System Injection Vulnerability

Projectworlds Hospital Database Management System is a hospital database management system from Projectworlds India. An injection vulnerability exists in Projectworlds Hospital Database Management System version 1.0, which stems from improper handling of the parameter MedID in the file...

9.8 CVSS, 7.9 AI score, 0.00421 EPSS
Exploits 1, References 5
Vulnrichment
added 2024/11/18 9:31 p.m., 12 views

CVE-2024-10486 Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3 CVSS, 6.5 AI score, 0.00887 EPSS
Exploits 0, References 2