CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting (XSS) vulnerability in grunion-form-view.php via the post_id parameter. Unauthenticated attackers can craft URLs with script payloads in post_id to execute arbitrary JavaScript in victims’ browsers. A public exploit exists per...

CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50957

CVE-2022-50957 concerns Drupal “avatar_uploader” module for version 7.x-1.0-beta8, containing a reflected cross-site scripting vulnerability. The issue arises when an attacker crafts a URL that includes a script payload in the file parameter of avatar_uploader.pages.inc, enabling execution of arb...

CVE-2022-50956

Affected software/impact: WordPress plugin amministrazione-aperta version 3.7.3 contains a local file read vulnerability. The root cause is insufficient input validation in the open parameter used by dispatcher.php, which allows unauthenticated attackers to supply file paths to read sensitive fil...

CVE-2022-50956 WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php ...

CVE-2022-50956

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php ...

CVE-2022-50956 WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php ...

CVE-2022-50954

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...

CVE-2022-50944

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

EUVD-2026-28982

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

CVE-2026-8231

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

CVE-2026-8217 Industrial Application Software IAS Canias ERP RMI Runtime.getRuntime.exec os command injection

A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. T...

PT-2026-39524

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code i...

ImpressCMS 代码注入漏洞

ImpressCMS is a modular content management system CMS based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.4.2 of ImpressCMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw...

PT-2026-39503

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...

PT-2026-39513

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat code parameter. Attackers can authenticate, submit a POST request to...

Aero CMS 代码注入漏洞

Aero CMS is a content management system developed by the American company Aero CMS. Version 0.0.1 of Aero CMS has a code injection vulnerability. This vulnerability stems from PHP code injection in the image parameter, which may allow authenticated attackers to execute arbitrary PHP code by...

PT-2026-39459

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...