CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...
EUVD-2013-3875
Malware in sbrugna...
EUVD-2025-27102
Malicious code in bioql PyPI...
EUVD-2025-27101
Malicious code in bioql PyPI...
CVE-2025-10075
A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-10076
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and...
CVE-2025-10076 SourceCodester Online Polling System manage-profile.php sql injection
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and...
CVE-2025-10076
CVE-2025-10076 affects SourceCodester Online Polling System 1.0. The vulnerability exists in the /manage-profile.php file where manipulation of the email parameter enables SQL injection. The issue can be exploited remotely and the exploit has circulated publicly. Impact is described as confidenti...
CVE-2025-10075 SourceCodester Online Polling System manage-profile.php cross site scripting
A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-10075
SourceCodester Online Polling System 1.0 contains a cross-site scripting (XSS) flaw in /manage-profile.php triggered by manipulating the firstname parameter. The vulnerability can be exploited remotely and exploits have been released publicly. Multiple sources (NVD, Red Hat, CNNVD, PT-Security, a...
PT-2025-36424
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Polling System version 1.0 Description: A SQL injection weakness exists in SourceCodester Online Polling System 1.0. The issue affects an unknown function within the /manage-profile.php file. Manipulation of the email...
SourceCodester Online Polling System Code code injection vulnerability
SourceCodester Online Polling System Code is a SourceCodester open source online polling system. A code injection vulnerability exists in SourceCodester Online Polling System Code version 1.0, which stems from improper handling of parameters in the /manage-profile.php file, and could lead to...
PT-2025-36423
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Polling System version 1.0 Description: A security flaw exists in SourceCodester Online Polling System 1.0. The issue is related to cross site scripting, triggered by manipulating the firstname argument of an unknown...
Cross-Site Scripting (XSS)
DotNetNuke.Core is vulnerable to cross-site scripting. A remote authenticated attacker is able to inject arbitrary JavaScript via the Display Name field under Manage Profile...
CVE-2013-3943
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile...