SUSE CVE-2026-23451

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bondheaderparse bondheaderparse can loop if a stack of two bonding devices is setup, because skb-dev always points to the hierarchy top. Add new "const struct netdevice dev" parameter t...

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Free and Open Source Inventory Management System v1.0 that could allow an attacker to execute arbitrary web script or HTML by injecting a crafted payload into the Ad...

LavaLite Stored Cross-site Scripting vulnerability

A stored cross site scripting XSS vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the New parameter...

Cross site scripting

A stored cross site scripting XSS vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...

LavaLite 跨站脚本漏洞

Lavalite is an open source content management system developed using the Laravel framework. A stored cross-site scripting vulnerability exists in the /admin/contact/contact component of LavaLite version 5.8.0, which can be exploited by an attacker to execute arbitrary Web script or HTML via the...

LavaLite 跨站脚本漏洞

Lavalite is an open source content management system developed using the Laravel framework. A stored cross-site scripting vulnerability exists in the /admin/roles/role component of LavaLite version 5.8.0, which can be exploited by an attacker to execute arbitrary Web script or HTML via the ""New"...

CVE-2017-9621

Cross-site scripting XSS vulnerability in modules/Base/Lang/Administrator/updatetranslation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 original or 2 new parameter...

Sql injection

SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action...

CVE-2008-1913

SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action...