com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)

org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: OSV:GHSA-J2Q8-XX3Q-8FQH...

EUVD-2019-8747

Malware in sbrugna...

Design/Logic Flaw

The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter...

wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via langid Parameter

The plugin did not escape, validate or escape the 'langid' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin...

U.S. Dept Of Defense: MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass

Summary: MSSQL injection via param Customwho in https://███████/News/Transcripts/Search/Sort/ Description: MSSQL injection via param Customwho in https://██████████/News/Transcripts/Search/Sort/ There is WAF, but we can make bypass and via global variable @@LANGID we can know that the base is use...

everythingtrackandfield.com XSS vulnerability

Open Bug Bounty ID: OBB-427862 Description| Value ---|--- Affected Website:| everythingtrackandfield.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...

PHPIPAM 'edit-group.php' Cross-Site Scripting Vulnerability

phpipam is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in phpipam version 1.2.2, which can be exploited by remote attackers to inject arbitrary web script or HTML due to the failure of edit/php scripts to adequately...

CVE-2012-4031

Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. dot dot in the 1 lang or 2 langid cookie to port 85...

Directory traversal

Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. dot dot in the 1 lang or 2 langid cookie to port 85...

WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)

Exploit Title: WANGKONGBAO CNS-1000 and 1100 Network Security Platform UTM Directory Traversal Date: 7/2/2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.wangkongbao.com/products.html Version: CNS-1000 and 1100 The issue is in the /src/acloglogin.php langid and lang parameters...

Cross-site Scripting (XSS) Vulnerability in CMSQLite

High-Tech Bridge SA Security Research Lab has discovered vulnerability in CMSQLite which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CMSQLite The vulnerability exists due to input sanitation error in the "langId" parameter in...

CVE-2006-6776

CVE-2006-6776 involves multiple SQL injection vulnerabilities in the Future Internet application. According to NVD/CVE records, remote attackers can execute arbitrary SQL commands via parameters in index.cfm: (1) newsId, (2) categoryid for Portal.Showpage, or (3) langId. The provided metrics indi...