CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

PT-2026-45272

A vulnerability was found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission form check.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

CVE-2026-3964

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

PT-2026-25635

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

EUVD-2026-11486

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

CVE-2026-3964 OpenAkita Chat API Endpoint shell.py run os command injection

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

CVE-2026-3964

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

PT-2026-24895

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

CVE-2026-1700

A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...

EUVD-2007-1497

Malware in sbrugna...

PT-2025-39459

Name of the Vulnerable Software and Affected Versions GuanxingLu vlarl versions prior to 31abc0baf53ef8f5db666a1c882e1ea64def2997 Description A flaw exists in the experiments.robot.bridge.reasoning server::run reasoning server function within the experiments/robot/bridge/reasoning server.py file ...

PT-2025-37365

Name of the Vulnerable Software and Affected Versions: WhatCD Gazelle versions prior to 63b337026d49b5cf63ce4be20fdabdc880112fa3 Description: A vulnerability exists in WhatCD Gazelle that allows for cross-site scripting. The issue is located in an unknown function within the...

CVE-2024-8867

A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be...

CVE-2023-3754

A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/messageread/xxxxxxxxrandom-msg-hash. The manipulation of the argument message leads to cross site scripting. It is...

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

tomcat: Cross-Site-Scripting enabled by sendError call

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

Format string

Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the createctcpmessage function using the message argument to the 1 me or 2 ctcp commands, and possibly related vectors involving the 3 whois, 4...

CVE-2007-1503

Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the createctcpmessage function using the message argument to the 1 me or 2 ctcp commands, and possibly related vectors involving the 3 whois, 4...