20 matches found
PT-2026-35959
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save menu of the file /admin/admin class novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
EUVD-2026-25989
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...
EUVD-2025-206549
Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12...
EUVD-2025-25354
Malicious code in bioql PyPI...
EUVD-2022-44883
Malicious code in bioql PyPI...
EUVD-2023-47769
Malicious code in bioql PyPI...
Akınsoft QR Menü security vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü s versions prior to 1.05.05 to v1.05.12 contain a security vulnerability that originates from improper certificate validation, which can be exploited by an attacker to cause HTTP response splitting...
CVE-2025-49243 WordPress ShiftNav – Responsive Mobile Menu plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark ShiftNav – Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through <= 1.8...
CVE-2025-49243 WordPress ShiftNav – Responsive Mobile Menu plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark ShiftNav – Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through <= 1.8...
CVE-2022-41698
Missing Authorization vulnerability in Layered If Menu. This issue affects If Menu: from n/a through 0.16.3...
CVE-2025-32477
Cross-Site Request Forgery CSRF vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through = 0.41...
CVE-2025-3157
CVE-2025-3157 affects Intelbras WRN 150 firmware version 1.0.15_pt_ITB01, specifically the Wireless Menu component. The root cause is improper handling/manipulation of the SSID argument, which enables cross-site scripting (XSS). The vulnerability can be exploited remotely, and public disclosures ...
CVE-2025-2213
The CVE-2025-2213 entry corresponds to Castlenet CBW383G2N (Wireless Menu /wlanPrimaryNetwork.asp). The vulnerability is a cross-site scripting flaw triggered by manipulating the SSID parameter (example payload: ). It can be exploited remotely and affects unknown code paths in the Wireless Menu c...
The vulnerability of the select-menu.php web system for the online reservation Multi Restaurant Table Reservation System allows a perpetrator to execute arbitrary code.
The vulnerability of the select-menu.php web system for the online reservation system of the Multi Restaurant Table Reservation System is related to the lack of measures taken to protect the SQL query structure when processing the table parameter. Exploiting this vulnerability allows an attacker ...
CVE-2025-1617 Netis WF2780 Wireless 2.4G Menu cross site scripting
A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The vendor was contacte...
PT-2024-20254 · WordPress · Float Menu
Name of the Vulnerable Software and Affected Versions: The Float menu WordPress plugin versions prior to 6.0.1 Description: The issue is related to the lack of a CSRF check in the bulk actions of the plugin, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF...
Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice. 2. ...
DRUPAL-CONTRIB-2021-040
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not use CSRF tokens to protect routes for saving menu configurations. This vulnerability can be exploited by an anonymous user...
MISP cross-site scripting vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates from...
CVE-2009-3056
PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGAdminPath parameter...