114 matches found

RedhatCVE
added 2025/05/23 9:46 a.m. | 5 views

CVE-2024-25312

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/subdelete.php?id=5."...

CVSS 8.8 | AI score 9.2 | EPSS 0.00157
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:28 a.m. | 3 views

CVE-2024-44725

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php...

CVSS 7.2 | AI score 8.3 | EPSS 0.00107
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 4:09 a.m. | 7 views

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

CVSS 9.8 | AI score 7.8 | EPSS 0.00162
Exploits: 1

RedhatCVE
added 2025/05/22 10:46 p.m. | 5 views

CVE-2022-29665

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...

CVSS 7.2 | AI score 8.3 | EPSS 0.00255
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:55 p.m. | 5 views

CVE-2022-35558

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.94122 version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter...

CVSS 7.5 | AI score 7.1 | EPSS 0.00391
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:10 a.m. | 5 views

CVE-2014-4036

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...

CVSS 4.3 | AI score 5.8 | EPSS 0.00225
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:55 a.m. | 7 views

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.0024
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:10 a.m. | 4 views

CVE-2017-1000213

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...

CVSS 4.8 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:38 a.m. | 4 views

CVE-2015-1577

Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter...

CVSS 6.4 | AI score 7.1 | EPSS 0.103
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 5:03 a.m. | 4 views

CVE-2013-7474

Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users...

CVSS 6.1 | AI score 5.8 | EPSS 0.0024
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:12 a.m. | 3 views

CVE-2014-5105

Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) acountry parameter in a process action to affiliatesignup.php or (2) entrycountryid parameter in an edit action to admin/createaccount.php...

CVSS 4.3 | AI score 6 | EPSS 0.00225
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 2:49 a.m. | 5 views

CVE-2010-2336

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...

CVSS 5 | AI score 7.2 | EPSS 0.02034
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 2:46 a.m. | 4 views

CVE-2010-5314

Cross-site scripting (XSS) vulnerability in controllers/homecontroller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index...

CVSS 4.3 | AI score 5.9 | EPSS 0.00225
Exploits: 1 | References: 1

CVE
added 2025/05/14 12:00 a.m. | 30 views

CVE-2025-29688

CVE-2025-29688 affects OA System prior to version 2025.01.01. It is a cross-site scripting (XSS) vulnerability where a crafted payload injected into the title parameter of the /daymanager/daymanageabilitycontroller.java endpoint allows execution of arbitrary web scripts or HTML. Root cause: insuf...

CVSS 6.1 | AI score 5.9 | EPSS 0.00181
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2025/05/11 11:15 p.m. | 3 views

CVE-2025-4550

A vulnerability, which was classified as critical, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown processing of the file /admin/pass-details.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated...

CVSS 9.8 | AI score 6.8 | EPSS 0.00204
Exploits: 1 | References: 5

NVD
added 2025/04/18 4:15 p.m. | 11 views

CVE-2025-29784

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to...

CVSS 7.5 | EPSS 0.00372
Exploits: 1 | References: 3

Packet Storm
added 2025/04/11 12:00 a.m. | 265 views

MiniCMS 1.1 Cross Site Scripting

MiniCMS version 1.1 suffers from a cross site scripting vulnerability. Exploit Title: MiniCMS 1.1 Cross-Site Scripting (XSS) in date Parameter of mc-admin/page.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:...

CVSS 6.1 | AI score 6 | EPSS 0.00801
Exploits: 3

Vulnrichment
added 2025/03/31 5:06 p.m. | 40 views

CVE-2025-31125 Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. This vulnerability is fixed in 6.2.4, 6.1.3,...

CVSS 5.3 | AI score 6.8 | EPSS 0.83244
Exploits: 9 | References: 2

Vulnrichment
added 2025/02/24 10:16 p.m. | 9 views

CVE-2025-27143 Better Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

CVSS 6.9 | AI score 6.5 | EPSS 0.00205
Exploits: 0 | References: 5

Cvelist
added 2025/02/06 12:00 a.m. | 6 views

CVE-2024-57599

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

EPSS 0.00115
Exploits: 1 | References: 2