5 matches found
CVE-2026-36725
A Markdown-based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the noticecontent parameter...
CVE-2026-5643
A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross...
PT-2025-53418
Name of the Vulnerable Software and Affected Versions: UTT 进取 512W versions through 1.7.7-171114 Description: A buffer overflow issue exists in UTT 进取 512W. The issue is related to the strcpy function within the /goform/formConfigNoticeConfig file. Manipulation of the timestart argument can trigger...
PT-2025-6608 · WordPress · Wp Project Manager
Name of the Vulnerable Software and Affected Versions: The WP Project Manager versions up to, and including, 2.6.17 Description: The issue is related to a missing capability check in the "/pm/v2/settings/notice" endpoint, which can lead to unauthorized loss of data. This allows authenticated...
PT-2019-9958 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 8.0.2 Description: A reflected cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to the "public/notice.php" endpoint. Recommendations: For Dolibarr version...