CVE-2026-4225

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

CVE-2026-4241

The CVE-2026-4241 entry concerns itsourcecode College Management System 1.0. An SQL injection vulnerability affects an unknown function in /admin/time-table.php via manipulation of the course_code argument. Impact is user-controlled input leading to potential disclosure or modification of data; t...

WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Infinite Scroll versions = 1.6.2...

WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...

WordPress Jobica Core plugin <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.1...

WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...

CVE-2026-4223 itsourcecode Payroll Management System manage_employee.php sql injection

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manageemployee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might b...

WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...

PT-2026-25787

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

VulnCheck KEV: CVE-2020-37123

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

Unraid 路径遍历漏洞

Unraid is a set of operating systems developed by Unraid Corporation, primarily intended for individuals and small businesses. Unraid has a path traversal vulnerability; this issue stems from the lack of validation for the paths provided by users in the auth-request.php file, which may lead to pa...

PT-2026-25798

Name of the Vulnerable Software and Affected Versions Buffalo TeraStation NAS TS5400R versions 4.02-0.06 and earlier Description An excessive file permissions issue exists in Buffalo TeraStation NAS TS5400R. Authenticated attackers can read the /etc/shadow file by uploading and executing a PHP fi...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. There is a security vulnerability in Craft CMS, which stems from the lack of sandbox protection in the rendering of template content provided by users through the Webhooks plugin. This vulnerability could allow...

CVE-2025-69768

CVE-2025-69768 describes an SQL injection vulnerability in Chyrp prior to version 2.5.2 affecting the Admin.php component, enabling a remote attacker to potentially obtain sensitive information via that interface. The document notes affected software (Chyrp v2.5.2 and earlier) and the vulnerable ...

Chyrp 安全漏洞

Chyrp is a lightweight blog engine developed by Chyrp OpenSource. Versions of Chyrp 2.5.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an SQL injection vulnerability in the Admin.php component, which could allow remote attackers to obtain sensitive informatio...

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...

CVE-2015-20118 RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...

web-attack-payloads

Web Attack Payloads Collection !Cybersecurityhttps://img.s...

CVE-2026-4170

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...