PT-2026-41350

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

CVE-2019-25674

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

CVE-2025-12330

A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...

CVE-2025-12330

A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...

CVE-2025-12330 Willow CMS Add Post add cross site scripting

A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...

CVE-2025-12330

CVE-2025-12330 affects Willow CMS up to 1.4.0. The vulnerability stems from improper handling of parameters in /admin/articles/add (Add Post Page), where manipulation of title/body leads to cross-site scripting. Exploitation can be remote, and public exploits exist. Impact is limited to the descr...

CVE-2025-12330 Willow CMS Add Post add cross site scripting

A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit h...

PT-2025-44057

Name of the Vulnerable Software and Affected Versions Willow CMS versions prior to 1.4.1 Description A security flaw exists in Willow CMS that allows for cross site scripting. The issue is related to the processing of the file '/admin/articles/add' within the Add Post Page component. Manipulation...

EUVD-2017-1590

Malware in sbrugna...

EUVD-2022-51755

Malicious code in bioql PyPI...

EUVD-2025-3367

Malicious code in bioql PyPI...

EUVD-2023-40475

Malicious code in bioql PyPI...

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

WordPress Restore Permanently delete Post or Page Data plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Restore Permanently delete Post or Page Data versions = 1.0...

CVE-2025-53631

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...

PT-2025-33302 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.1 Description: flaskBlog is a blog application built with Flask. Improper sanitization of the postContent parameter when submitting POST requests to the /createpost API endpoint leads to arbitrary JavaScript...

WordPress plugin Post and Page Builder by BoldGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2025-52713

Server-Side Request Forgery SSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Server Side Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through = 1.27.8...

PT-2025-26406 · Boldgrid · Post/Page Builder By Boldgrid

Name of the Vulnerable Software and Affected Versions: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor versions 1.27.8 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user...