757 matches found
EUVD-2025-201979
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through = 1.0.2...
CVE-2025-63048
The CVE-2025-63048 entry relates to a DOM-Based XSS in the WordPress ListingPro Lead Form plugin (versions <= 1.0.2) caused by improper input neutralization during web page generation. Affected component: ListingPro Lead Form plugin for WordPress; compromised surface is the Lead Form functiona...
CVE-2025-63049
CVE-2025-63049 concerns the WordPress ListingPro Lead Form plugin (versions
WordPress plugin ListingPro Lead Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-50050
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through = 1.0.2...
PT-2025-50051
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through = 1.0.2...
WordPress plugin ListingPro Lead Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2025-144678
Malicious code in aps-lead-manda npm...
MAL-2025-162453 Malicious code in nokire-arjuna40 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c373a0a78a5aa0afc351a840c8e83c7cdfda462afed5664f69e6687eb946dfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Watch out for Walmart gift card scams
You’ve probably seen it before—a bright, urgent message claiming you’ve qualified for a $750 or $1000 Walmart gift card. All you have to do is answer a few questions. It looks harmless enough. But once you click, you find yourself in a maze of surveys, redirects, and "partner offers"—without ever...
CVE-2025-56450
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...
📄 Log2Space Subscriber Management Software 1.1 SQL Injection
Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil [email protected] Rohan Patil [email protected] CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...
Spacecom Log2Space Subscriber Management Software 安全漏洞
Spacecom Log2Space Subscriber Management Software is a subscriber user management software from Spacecom India. A security vulnerability exists in Spacecom Log2Space Subscriber Management Software version 1.1, which stems from a failure to validate and clean the leadid parameter in the...
CVE-2025-56450
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...
CVE-2025-56450
CVE-2025-56450 affects Log2Space Subscriber Management Software 1.1. The vulnerability is an unauthenticated SQL injection in the /l2s/api/selfcareLeadHistory endpoint, exploitable via the lead_id parameter in a crafted POST request. The backend fails to sanitize input, enabling enumeration of da...
EUVD-2025-35180
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...
WordPress ListingPro Lead Form plugin <= 1.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ListingPro Lead Form versions = 1.0.2...
WordPress ListingPro Lead Form plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ListingPro Lead Form versions = 1.0.2...
EUVD-2019-8930
Malware in sbrugna...
EUVD-2014-5087
Malware in sbrugna...