
31 matches found

Cvelist
added 2026/05/20 7:39 p.m. | 23 views

CVE-2026-35013 Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

CVSS 5.1 | EPSS 0.00029
Exploits: 0 | References: 3
Snyk
added 2026/04/22 5:40 p.m. | 3 views

Prototype Pollution

Overview: i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Affected versions of this package are vulnerable to Prototype Pollution via the lng or ns parameters handled by the getResourcesHandler...

CVSS 8.8 | AI score 6.3 | EPSS 0.00099
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/22 12:0 a.m. | 7 views

PT-2026-37151

Name of the Vulnerable Software and Affected Versions: i18next-http-backend versions prior to 3.0.5. Description: Versions of the library interpolate the lng and ns values directly into the configured loadPath or addPath URL templates without encoding, validation, or path sanitization. When...

CVSS 6.5 | AI score 5.8 | EPSS 0.00102
Exploits: 0 | References: 4
CVE
added 2025/11/13 4:32 p.m. | 28 views

CVE-2025-13121

CVE-2025-13121 affects cameasy Liketea 1.0.0. The vulnerability is in the API Endpoint’s front-end StoreController.php, specifically the list function, where improper handling/manipulation of the lng/lat arguments enables SQL injection. Multiple connected sources (NVD, Red Hat, CVE records, CNVD/...

CVSS 7.5 | AI score 7.2 | EPSS 0.0003
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/13 12:0 a.m. | 5 views

PT-2025-46863

Name of the Vulnerable Software and Affected Versions: cameasy Liketea version 1.0.0. Description: A security issue exists in cameasy Liketea 1.0.0. The list function within the file laravel/app/Http/Controllers/Front/StoreController.php of the API Endpoint component is susceptible to SQL injection...

CVSS 7.5 | AI score 7.4 | EPSS 0.0003
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3672

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0011
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 4:15 a.m. | 6 views

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

CVSS 9.8 | AI score 7.5 | EPSS 0.0016
Exploits: 0
RedhatCVE
added 2025/05/22 4:12 a.m. | 4 views

CVE-2010-3688

Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter...

CVSS 7.5 | AI score 7.5 | EPSS 0.0011
Exploits: 0 | References: 1
CNNVD
added 2024/09/03 12:0 a.m. | 1 views

LimeSurvey security vulnerability

LimeSurvey PHPSurveyor is an open source online questionnaire survey program from the LimeSurvey team, which supports survey program development, questionnaire publishing and data collection. A security vulnerability exists in LimeSurvey version v6.6.2 and earlier versions, which stems from an...

CVSS 8.8 | AI score 7.6 | EPSS 0.00215
Exploits: 1 | References: 4
NVD
added 2023/12/14 12:15 a.m. | 5 views

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

CVSS 9.8 | EPSS 0.0016
Exploits: 0 | References: 1
OSV
added 2023/12/14 12:15 a.m. | 0 views

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
Prion
added 2023/12/14 12:15 a.m. | 14 views

SQL injection

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

CVSS 7.5 | AI score 7.8 | EPSS 0.0016
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/12/13 12:0 a.m. | 10 views

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

AI score 7.8 | EPSS 0.0016
Exploits: 0 | References: 1
Cvelist
added 2023/12/13 12:0 a.m. | 11 views

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

AI score 9.8 | EPSS 0.0016
Exploits: 0 | References: 1
NVD
added 2023/09/05 10:15 p.m. | 14 views

CVE-2023-41507

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters...

CVSS 9.8 | AI score 10 | EPSS 0.00637
Exploits: 2 | References: 2
GithubExploit
added 2023/09/05 3:26 a.m. | 7 views

Exploit for SQL Injection in Superstorefinder Super_Store_Finder

CVE-2023-41507 CVE-2023-41507 - Super Store Finder v3.6 was di...

CVSS 9.8 | AI score 10 | EPSS 0.00637
Exploits: 2
Cvelist
added 2023/09/05 12:0 a.m. | 13 views

CVE-2023-41507

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters...

AI score 10 | EPSS 0.00637
Exploits: 2 | References: 2
Openbugbounty
added 2018/02/14 10:19 a.m. | 8 views

lng-safety.com XSS vulnerability

Open Bug Bounty ID: OBB-559273. Affected Website: lng-safety.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

AI score 6.3
Exploits: 0
Hacker One
added 2016/11/12 9:48 p.m. | 19 views

LocalTapiola: Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)

Vulnerable script: /webApp/lahti Vulnerable parameters: ctxvarshtml, ctxvarszoom, ctxvarsLat, ctxvarsLng PoC 1 html parameter https://blackfan.ru/localtapiola4567uytr567tre4567ytr/poc1html.html Result: html alertdocument.location PoC 2 zoom parameter...

AI score 0.9
Exploits: 0
The Hacker News
added 2012/08/31 10:48 p.m. | 8 views

Malware Attack on 2nd Largest Liquefied Natural Gas Producer

Reports have surfaced that liquified natural gas LNG producer RasGas, based in the Persian Gulf nation of Qatar, has been struck by an unidentified virus, this time shutting down its website and email servers. The malware, however, did not affect the company's operational computers that control t...

AI score 6.7
Exploits: 0