
18 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-29095

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 4.8 | EPSS 0.00273
Exploits: 1 | References: 6

OSV
added 2025/09/13 4:15 p.m., 2 views

CVE-2025-10368

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 6.1 | AI score 5.5
Exploits: 0 | References: 5

Cvelist
added 2025/09/13 3:32 p.m., 8 views

CVE-2025-10368 MiczFlor RPi-Jukebox-RFID manageFilesFolders.php cross site scripting

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 5.1 | EPSS 0.00273
Exploits: 1 | References: 5

Positive Technologies
added 2025/09/13 12:00 a.m., 3 views

PT-2025-37374

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A cross site scripting issue exists due to manipulation of an unknown functionality within the /htdocs/manageFilesFolders.php file. Remote exploitation is possible. The exploit has...

CVSS 5.1 | AI score 3.7 | EPSS 0.00273
Exploits: 1 | References: 9

CNNVD
added 2025/09/13 12:00 a.m., 1 view

RPi-Jukebox-RFID Code Injection Vulnerability

RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It can play audio files, playlists, podcasts, web streams and spotify triggered by RFID cards. A code injection vulnerability exists in RPi-Jukebox-RFID version 2.8.0 and earlier,...

CVSS 6.1 | AI score 4.6 | EPSS 0.00273
Exploits: 1 | References: 5

CNNVD
added 2024/05/02 12:00 a.m., 3 views

pgAdmin Security Vulnerability

pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 8.5 and prior versions that originated from a vulnerability that allows an attacker who knows the username and password of a legitimate...

CVSS 8.8 | AI score 7.6 | EPSS 0.00629
Exploits: 0 | References: 3

CNNVD
added 2023/06/22 12:00 a.m., 2 views

Pluck Code Issue Vulnerability

Pluck is a content management system CMS developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev5. An attacker can exploit the vulnerability to run arbitrary code via the Manage Files feature...

CVSS 7.2 | AI score 7.4 | EPSS 0.00904
Exploits: 0 | References: 2

CNVD
added 2022/05/07 12:00 a.m., 11 views

Shopizer Cross-Site Scripting Vulnerability (CNVD-2022-70092)

Shopizer is a Java-based e-commerce solution from the Shopizer team. 2.0 to 2.17.0 versions of Shopizer are vulnerable to a cross-site scripting vulnerability in which the file name under the "Manage Files" tab lacks validation filters for user-supplied and output data. An attacker could use this...

CVSS 3.5 | AI score 2.7 | EPSS 0.00584
Exploits: 1 | Affected Software: 1

NVD
added 2022/05/01 1:15 p.m., 12 views

CVE-2022-23060

A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...

CVSS 4.8 | EPSS 0.00584
Exploits: 1 | References: 2

OSV
added 2022/05/01 1:15 p.m., 14 views

CVE-2022-23060

A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...

CVSS 4.8 | AI score 5.6 | EPSS 0.00584
Exploits: 1 | References: 2

Prion
added 2022/05/01 1:15 p.m., 16 views

Cross site scripting

A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...

CVSS 3.5 | AI score 4.8 | EPSS 0.00584
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/01 12:40 p.m., 14 views

CVE-2022-23060 Shopizer - Stored XSS in Manage Files

A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...

CVSS 4.8 | AI score 5 | EPSS 0.00584
Exploits: 1 | References: 2

CNNVD
added 2022/05/01 12:00 a.m., 3 views

Shopizer Cross-Site Scripting Vulnerability

Shopizer is a Java-based e-commerce solution from the Shopizer team. 2.0 to 2.17.0 versions of Shopizer are vulnerable to a cross-site scripting vulnerability in which the file name under the "Manage Files" tab lacks validation filters for user-supplied and output data. An attacker could use this...

CVSS 4.8 | AI score 5.3 | EPSS 0.00584
Exploits: 1 | References: 4

ATTACKERKB
added 2022/04/06 12:22 p.m., 4 views

CVE-2022-23060

A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...

CVSS 4.8 | AI score 5.8 | EPSS 0.00584
Exploits: 1 | References: 3 | Affected Software: 1

Exploit DB
added 2021/05/26 12:00 a.m., 474 views

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

CVSS 7.2 | AI score 7.2 | EPSS 0.33428
Exploits: 6

CNNVD
added 2020/12/16 12:00 a.m., 5 views

Pluck Code Issue Vulnerability

Pluck is a Content Management System CMS developed in PHP. A code issue exists in Pluck CMS versions prior to 4.7.13, which stems from a file upload limit bypass vulnerability that allows a privileged administrator user to access the host computer via the "Manage Files" feature, which could lead ...

CVSS 7.2 | AI score 7.5 | EPSS 0.33428
Exploits: 6 | References: 7

Exploit DB
added 2019/09/09 12:00 a.m., 279 views

Enigma NMS 65.0.0 - Cross-Site Request Forgery

Exploit Title: Enigma NMS Cross-Site Request Forgery CSRF Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software Link:...

CVSS 8.8 | AI score 9 | EPSS 0.00947
Exploits: 5

OSV
added 2018/10/29 12:29 p.m., 2 views

CVE-2016-10731

ProjectSend formerly cFTP r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...

CVSS 9.8 | AI score 5.8 | EPSS 0.01421
Exploits: 0 | References: 1