80 matches found
PT-2026-24984
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
EUVD-2018-8290
Malware in sbrugna...
EUVD-2008-2490
Malware in sbrugna...
EUVD-2025-31112
Malicious code in bioql PyPI...
EUVD-2025-26274
Malicious code in bioql PyPI...
CVE-2025-46148
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistancep=2 produces incorrect results...
CVE-2025-46148
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistancep=2 produces incorrect results...
CVE-2025-9692
A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used...
PT-2025-33078 · S40 Cms · S40 Cms
Name of the Vulnerable Software and Affected Versions: S40 CMS version 0.4.2 Description: S40 CMS version 0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary fil...
WordPress Bricks Builder plugin <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter vulnerability
Unauthenticated SQL Injection via p Parameter vulnerability discovered by Jamie Burchell in WordPress Theme Bricks Builder versions = 1.12.4...
VulnCheck KEV: CVE-2025-6495
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...
CVE-2014-3846
Cross-site scripting XSS vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php...
CVE-2011-1009
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter...
CVE-2024-49505
Summary: CVE-2024-49505 is a reflected-cross-site scripting (XSS) vulnerability in openSUSE Tumbleweed MirrorCache. The issue arises from improper input neutralization in the web page generation process, specifically affecting the REGEX and P parameters. Affected versions are MirrorCache before 1...
CVE-2024-49505 XSS vulnerability found in OpenSuse MirrorCache
A Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083...
PT-2024-33540 · Opensuse · Opensuse Tumbleweed Mirrorcache
Name of the Vulnerable Software and Affected Versions: openSUSE Tumbleweed MirrorCache versions prior to 1.083 Description: A Cross-site Scripting vulnerability exists in openSUSE Tumbleweed MirrorCache, allowing the execution of arbitrary JavaScript via reflected XSS in the REGEX and P parameter...
EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2023-3507)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...
CVE-2023-34545
A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL...
CVE-2023-34545
A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL...
CSZCMS SQL注入漏洞
CSZCMS is an open source web application that allows to manage all the content and settings on the website. A SQL injection vulnerability exists in CSZCMS version 1.3.0 that stems from the application's lack of validation of externally entered SQL statements. A remote attacker can exploit the...