92974 matches found
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft Studio. There is a security vulnerability in Craft CMS, which stems from the lack of sandbox protection in the rendering of template content provided by users through the Webhooks plugin. This vulnerability could allow...
CVE-2025-69768
CVE-2025-69768 describes an SQL injection vulnerability in Chyrp prior to version 2.5.2 affecting the Admin.php component, enabling a remote attacker to potentially obtain sensitive information via that interface. The document notes affected software (Chyrp v2.5.2 and earlier) and the vulnerable ...
Chyrp 安全漏洞
Chyrp is a lightweight blog engine developed by Chyrp OpenSource. Versions of Chyrp 2.5.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an SQL injection vulnerability in the Admin.php component, which could allow remote attackers to obtain sensitive informatio...
CVE-2025-69768
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...
CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...
CVE-2015-20118 RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...
web-attack-payloads
Web Attack Payloads Collection !Cybersecurityhttps://img.s...
CVE-2026-4170
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...
Exploit for Improper Input Validation in Typo3
TYPO3 CVE-2020-15099 — Unauthenticated RCE PHP Object Injecti...
Exploit for Out-of-bounds Read in Php
CVE-2022-31630 – Proof of Concept Exploit Peringatan: Kode ini...
EUVD-2026-11903
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through = 8.1...
CVE-2026-3838 Unraid Update Request Path Traversal Remote Code Execution Vulnerability
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
CVE-2026-32369
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through 2.0.7...
CVE-2026-32401
The CVE-2026-32401 entry concerns the WordPress plugin WordPress Client Invoicing by Sprout Invoices (Sprout Invoices) affecting versions up to 20.8.9. It is caused by an improper control of the filename used in PHP include/require statements, leading to PHP Local File Inclusion (LFI). The vulner...
CVE-2026-32401 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.9...
CVE-2026-32384
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through = 1.2.9...
CVE-2026-32384
CVE-2026-32384 describes an Improper Control of Filename for Include/Require Statement (PHP Local File Inclusion) in the WordPress plugin magepeopleteam WpBookingly service-booking-manager. Affected: WpBookingly versions up to 1.2.9. Underlying issue is local file inclusion via include/require th...
CVE-2026-32369
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through 2.0.7...
CVE-2026-32369 WordPress Medilink-Core plugin < 2.0.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through 2.0.7...
CVE-2026-32364
CVE-2026-32364 relates to a Local File Inclusion in the WordPress Turbo Manager plugin (turbo-manager) via an improper control of the filename for include/require statements in PHP. The vulnerability affects Turbo Manager versions earlier than 4.0.8. The underlying issue is an insecure handling o...