
43 matches found

Cvelist
added 2026/05/27 5:31 a.m. · 30 views

CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3 CVSS · 0.00128 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2026/04/12 7:30 a.m. · 1 view

CVE-2026-6122

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

9 CVSS · 7.9 AI score · 0.00541 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2026/01/05 4:15 a.m. · 4 views

CVE-2025-15455

A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been...

6.9 CVSS · 0.00636 EPSS
Exploits 1 · References 4

CVE
added 2026/01/05 3:32 a.m. · 15 views

CVE-2025-15455

CVE-2025-15455 affects bg5sbk MiniCMS up to version 1.8. The vulnerability exists in the delete_page function of /minicms/mc-admin/page.php (File Recovery Request Handler) where improper authentication can be manipulated to enable remote exploitation. Public exploit material has been published. M...

6.9 CVSS · 6.3 AI score · 0.00636 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2026/01/05 12:0 a.m. · 3 views

PT-2026-1209

Name of the Vulnerable Software and Affected Versions: bg5sbk MiniCMS versions up to 1.8 Description: A flaw exists in bg5sbk MiniCMS up to version 1.8 related to improper authentication. The issue is located in the delete page function within the /minicms/mc-admin/page.php file of the File Recover...

6.9 CVSS · 6.1 AI score · 0.00636 EPSS
Exploits 1 · References 11

Positive Technologies
added 2025/12/26 12:0 a.m. · 3 views

PT-2025-53591

Name of the Vulnerable Software and Affected Versions: FluentCMS version 1.2.3 Description: The application does not properly sanitize input in the section, which can allow remote attackers to inject arbitrary script tags. This issue was identified after logging in as an administrator and navigatin...

6.1 CVSS · 5.8 AI score · 0.00261 EPSS
Exploits 1 · References 6

EUVD
added 2025/12/05 7:26 a.m. · 3 views

EUVD-2025-201393

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

4.3 CVSS · 5.2 AI score · 0.00128 EPSS
Exploits 0 · References 4

CNNVD
added 2025/11/04 12:0 a.m. · 4 views

WordPress plugin LMB Box Smileys Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site reques...

6.1 CVSS · 6.3 AI score · 0.00127 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-21287

Malware in sbrugna...

8.8 CVSS · 8.6 AI score · 0.007 EPSS
Exploits 2 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-47873

Malicious code in bioql PyPI...

5.4 CVSS · 5.7 AI score · 0.01049 EPSS
Exploits 1 · References 2

CNNVD
added 2025/09/17 12:0 a.m. · 1 view

WordPress plugin USS Upyun Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site...

4.3 CVSS · 6.4 AI score · 0.00156 EPSS
Exploits 0 · References 4

Cvelist
added 2025/09/01 8:2 a.m. · 12 views

CVE-2025-9769 D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection

A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input echo 12345 poc.txt results in command injection. An attack on the physical device is feasible. The exploit has...

4.3 CVSS · 0.25875 EPSS
Exploits 1 · References 6

RedhatCVE
added 2025/05/22 10:36 p.m. · 7 views

CVE-2022-44946

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=helppages/pagesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...

5.4 CVSS · 5.8 AI score · 0.01049 EPSS
Exploits 1 · References 1

BDU FSTEC
added 2025/04/02 12:0 a.m. · 2 views

The vulnerability of the bj10v_print_page() function in the contrib/japanese/gdev10v.c file of the BJ10V Device component of the software development kit for processing, transforming, and generating Ghostscript documents, allowing a malicious individual to execute arbitrary code or cause a service failure.

The vulnerability of the bj10v_print_page() function in the contrib/japanese/gdev10v.c file of the BJ10V Device component of the software development kit for processing, transforming, and generating Ghostscript documents is related to the copying of buffers without checking the size of the input data...

10 CVSS · 7.1 AI score · 0.00557 EPSS
Exploits 0 · References 19 · Affected Software 9

RedhatCVE
added 2025/02/14 3:7 a.m. · 9 views

CVE-2024-28736

An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function...

7.1 CVSS · 7.5 AI score · 0.02531 EPSS
Exploits 2 · References 1

Positive Technologies
added 2024/08/25 12:0 a.m. · 5 views

PT-2024-38837 · Unknown · Continew Admin

Name of the Vulnerable Software and Affected Versions: ContiNew Admin version 3.2.0 Description: A critical issue was found in ContiNew Admin, affecting the function top.continew.starter.extension.crud.controller.BaseControllerpage of the file /api/system/user?deptId=1&page=1&size=10. The...

5.8 CVSS · 5.5 AI score · 0.00529 EPSS
Exploits 1 · References 14

Cvelist
added 2024/05/31 3:41 p.m. · 20 views

CVE-2024-28736

An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function...

7.2 AI score · 0.02531 EPSS
Exploits 2 · References 1

BDU FSTEC
added 2024/03/13 12:0 a.m. · 5 views

The vulnerability of the secs.epc_page function in the sgx component of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the secs.epc_page function in the sgx component of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 5.5 AI score · 0.00225 EPSS
Exploits 0 · References 13 · Affected Software 3

OSV
added 2024/02/08 8:15 p.m. · 2 views

CVE-2024-24115

A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4 CVSS · 5.5 AI score · 0.00397 EPSS
Exploits 1 · References 1

Cvelist
added 2024/02/08 12:0 a.m. · 17 views

CVE-2024-24115

A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.3 AI score · 0.00397 EPSS
Exploits 1 · References 1