16 matches found
CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...
EUVD-2023-42858
Malicious code in bioql PyPI...
Kashipara Computer Base Test project in PHP 安全漏洞
Kashipara Computer Base Test project in PHP is a web application from Kashipara Inc. A security vulnerability exists in Kashipara Computer Base Test project in PHP v1.0, which stems from insufficient cleanup of the parameter smyFeedbacks in the file /users/adminpanel/admin/home.php, which could...
CVE-2025-8929 code-projects Medical Store Management System MainPanel.java sql injection
A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2025-6880
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
SourceCodester Best Salon Management System 注入漏洞
SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. SourceCodester Best Salon Management System version 1.0 suffers from an injection vulnerability that stems from improper handling of the parameters fromdate/todate in the file...
InnoShop 安全漏洞
InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from a flaw in the file manager functionality of the admin panel that could lead to code execution...
CVE-2025-1982
Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read content of system files...
PT-2025-3786 · Unknown · Tmd Custom Header Menu
Name of the Vulnerable Software and Affected Versions: TMD Custom Header Menu version 4.0.0.1 Description: A problem was found in the processing of the file /admin/index.php. The manipulation of the headermenu id argument leads to SQL injection. The attack may be initiated remotely. The complexit...
CVE-2024-8866
A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-27102 Improper isolation of server file access in github.com/pterodactyl/wings
Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...
Russian threat actor UAC-0056 targets European countries
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...
CVE-2021-39319
The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8...
CMS Made Simple <= 2.2.14 Multiple XSS Vulnerabilities
CMS Made Simple is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress YIT Plugin Framework Unauthorized Modification Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.YIT Plugin Framework is one of the YIT plugin frameworks used in it. A security vulnerability exists in the...
Burst a few over-active Defense method-vulnerability warning-the black bar safety net
Generally the Trojan is added from the start is antivirus software active defense, or 3 6 0 intercept,a few days ago in an online found several registry since the start of the method,the effect is also good,can be considered currently active Defense of a large Dead Space,even of micro-point turne...