
28 matches found

EUVD
added 2026/04/01 3:31 p.m. | 3 views

EUVD-2026-17895

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

CVSS 6.5 | AI score 6 | EPSS 0.00048
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

AI score 6 | EPSS 0.00048
Exploits: 1 | References: 2

Cvelist
added 2026/03/31 12:0 a.m. | 22 views

CVE-2026-30521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

EPSS 0.00016
Exploits: 1 | References: 1

CNNVD
added 2026/02/25 12:0 a.m. | 3 views

WordPress plugin WPGSI: Spreadsheet Integration security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.5 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 8

CNNVD
added 2026/02/16 12:0 a.m. | 3 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There are security vulnerabilities in Mattermost versions 11.1.2 and earlier 11.1.x series, 10.11.9 and earlier 10.11.x series, 11.2.1 and earlier 11.2.x series, as well as in Mattermost Plugin Zoom...

CVSS 4.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:4 a.m. | 1 view

CVE-2024-41144

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVSS 7.1 | AI score 7 | EPSS 0.00092
Exploits: 0 | References: 1

Github Security Blog
added 2026/01/02 9:16 p.m. | 7 views

Bagisto has HTML Filter Bypass that Enables Stored XSS

Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...

CVSS 8.4 | AI score 6.1 | EPSS 0.00023
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2009-4764

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0239
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-2662

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.3 | EPSS 0.00092
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-15957

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00244
Exploits: 0 | References: 5

Vulnrichment
added 2024/07/15 8:42 a.m. | 11 views

CVE-2024-32945 LaTeX post content manipulation via renderer state leak across contexts

Mattermost Mobile Apps versions =2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LaTeX post, by creating another post with specific macro definitions...

CVSS 2.6 | AI score 6.7 | EPSS 0.00334
Exploits: 0 | References: 1

CVE
added 2024/05/16 8:31 p.m. | 55 views

CVE-2024-4204

Bulk Posts Editing For WordPress (Plugin) is vulnerable to Cross-Site Request Forgery in all versions up to 4.2.3 due to missing or incorrect nonce validation on AJAX actions. This could allow unauthenticated attackers to create/duplicate posts, retrieve post content, and modify post taxonomy by ...

CVSS 4.3 | AI score 8.9 | EPSS 0.00188
Exploits: 0 | References: 2

0day.today
added 2023/04/14 12:0 a.m. | 242 views

Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation Vulnerability

Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...

AI score 6.8
Exploits: 0

Zero Science Lab
added 2023/04/10 12:0 a.m. | 337 views

Sielco PolyEco Digital FM Transmitter 2.0.6 Radio Data System POST Manipulation

Summary: PolyEco is the innovative family of high-end digital FM transmitters of Sielco. They are especially suited as high performance power system exciters or compact low-mid power transmitters. The same cabinet may in fact be fitted with 50, 100, 300, 500, 1000W power stage PolyEco50, 100, 300,...

CVSS 8.1 | AI score 7.2 | EPSS 0.00017
Exploits: 1

Vulnrichment
added 2022/11/08 6:26 p.m. | 7 views

CVE-2022-40205 WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved...

CVSS 5.4 | AI score 5.4 | EPSS 0.00198
Exploits: 0 | References: 2

WPVulnDB
added 2022/08/06 12:0 a.m. | 22 views

ActiveDEMAND plugin <= 0.2.27 - Unauthenticated Post Creation/Update/Deletion

The plugin does not have any authorisation in some of its REST routes, which could allow unauthenticated users to delete, create and update arbitrary posts...

CVSS 6.5 | AI score 4.4 | EPSS 0.00163
Exploits: 0 | Affected Software: 1

Cvelist
added 2020/04/07 4:42 p.m. | 9 views

CVE-2020-9514

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...

AI score 6.5 | EPSS 0.0025
Exploits: 1 | References: 2

Hacker One
added 2018/04/15 6:19 a.m. | 36 views

ExpressionEngine: [EE] change the author of post using the author_id

@flex0geek discovered that users with permission to edit entries in the control panel could manipulate the form or POST submission and set an invalid author as the author of that entry. @flex0geek gave a detailed report with step-by-step instructions for replicating and screen captures of their...

AI score 1.3
Exploits: 0

NVD
added 2017/10/02 1:29 a.m. | 11 views

CVE-2017-14957

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...

CVSS 6.1 | AI score 6.1 | EPSS 0.0122
Exploits: 0 | References: 4

OSV
added 2017/10/02 1:29 a.m. | 10 views

CVE-2017-14957

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 4