CVE-2025-50190

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assochandle parameter with the /index.php script. This issue has been patched in version 1.11.30...

CVE-2026-2448

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

CVE-2026-3452

Concrete CMS versions below 9.4.8 are vulnerable to Remote Code Execution via stored PHP object injection in the Express Entry List block, using the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed ...

PT-2026-22962

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

📄 WordPress AI Buddy 1.8.5 Shell Upload

Proof of concept exploit for a shell upload vulnerability in WordPress AI Buddy plugin versions 1.8.5 and below. This exploit is written in PHP. ============================================================================================================================================= | Title :...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from PHP object injection in the columns parameter within the Express Entry List block, which could lead to remote co...

CVE-2026-24415 OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...

CVE-2026-3487

The CVE-2026-3487 entry concerns itsourcecode College Management System 1.0. A SQL injection flaw affects the handling of /admin/class-result.php, where manipulating the course_code argument enables remote, unauthenticated exploitation. The vulnerability is publicly exploited or publicly disclose...

WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions = 5.9.1...

WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pets Club versions = 2.3...

WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Handyman versions = 1.4.7...

CVE-2026-26698

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

EUVD-2026-9273

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

CVE-2026-26885

CVE-2026-26885 affects the Sourcecodester Online Men's Salon Management System v1.0. The vulnerability is an SQL Injection in the endpoint /classes/Master.php?f=delete_service, caused by unsafe SQL handling in the related function. The impact is described as low with no user interaction required,...

CVE-2026-26886

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manageservice.php...

Debian: Security Advisory (DSA-6154-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-26888

Sourcecodester Pharmacy Point of Sale System v1.0 is affected by SQL Injection in /pharmacy/manage_stock.php. Root cause is unsanitized input in the SQL query. CVSS details (NVD) indicate a Network attack vector, Low base impact (C/L, I/N, A/N), with a base score of 2.7 and HIGH privileges requir...

CVE-2026-26885

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=deleteservice...

PT-2026-22949

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1 Description A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection SSTI payload into...

[SECURITY] [DSA 6154-1] php8.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6154-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 02, 2026 https://www.debian.org/security/faq -...