1107 matches found
CVE-2026-8117
CVE-2026-8117 concerns SourceCodester Pizzafy Ecommerce System 1.0. The issue arises from vulnerable handling of the argument in /admin/index.php , allowing cross-site scripting (XSS) via manipulated input. The attack can be carried out remotely and the exploit has been publicly disclosed. The co...
CVE-2026-6704
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-7856
CVE-2026-7856 affects D-Link DI-8100 Web Management Interface; a buffer overflow in /url_member.asp when manipulating the Name parameter can be triggered remotely. An exploit has been published; details on remediation/patch are not provided in the available documents.
EUVD-2026-27209
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704
CVE-2026-6704 affects the WordPress WordPress Blog Settings plugin. It is vulnerable to a reflected Cross-Site Scripting attack via the 'page' parameter in all versions up to 1.0 due to insufficient input sanitization and output escaping. The weakness allows unauthenticated attackers to craft a l...
CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
PT-2026-36961
Name of the Vulnerable Software and Affected Versions Blog Settings plugin for WordPress versions prior to 1.1 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the page parameter, enabling scripts to...
Tenda 4G300 缓冲区错误漏洞
The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version contains a buffer error vulnerability. This vulnerability stems from the operation of the parameter “page” in the function sub427C3C within the file/goform/SafeMacFilte...
CVE-2026-7269 SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has...
CVE-2026-7078
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit has been released ...
Tenda F456 缓冲区错误漏洞
The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the fromwebExcptypemanFilter function in the httpd component’s/goform/webExcptypemanFilter file, where improper...
CVE-2026-7056
A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be...
CVE-2026-7056 Tenda F456 httpd SafeUrlFilter fromSafeUrlFilter buffer overflow
A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be...
CVE-2026-7030 Tenda F456 RouteStatic fromRouteStatic buffer overflow
A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...
Tenda F456 缓冲区错误漏洞
The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the improper handling of the page parameter in the frmL7ProtForm function of the goform/L7Prot component in the http...
Tenda F456 缓冲区错误漏洞
The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from improper handling of the page parameter in the SafeEmailFilter function of the/goform/SafeEmailFilter file, which may...
Tenda F456 缓冲区错误漏洞
The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from improper handling of the page parameter in the fromRouteStatic function within the/goform/RouteStatic file, which may...