13 matches found

NVD
added 2026/03/24 12:16 p.m. · 0 views

CVE-2019-25642

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...

CVSS 8.8 · EPSS 0.00121
Exploits 0 · References 3

EUVD
added 2025/12/02 12:36 a.m. · 2 views

EUVD-2025-200109

Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions...

CVSS 8.6 · AI score 6.4 · EPSS 0.29124
Exploits 4 · References 2

Positive Technologies
added 2025/12/01 12:0 a.m. · 2 views

PT-2025-48560

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.8.0-beta.27 Description: Grav is a file-based Web platform. Improper authorization checks when modifying critical fields on a POST request to the /admin/pages/page name endpoint allow an editor with limited permissions ...

CVSS 9.6 · AI score 6.6 · EPSS 0.29124
Exploits 4 · References 8

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-25764

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 4.8 · EPSS 0.00071
Exploits 1 · References 6

OSV
added 2025/10/02 10:15 a.m. · 0 views

CVE-2025-40646

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

CVSS 5.4 · AI score 5.9 · EPSS 0.00033
Exploits 0 · References 1

RedhatCVE
added 2025/08/30 6:21 p.m. · 2 views

CVE-2025-9429

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.4 · AI score 3.8 · EPSS 0.00071
Exploits 1 · References 1

OSV
added 2025/08/26 12:15 a.m. · 0 views

CVE-2025-9429

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.4 · AI score 4 · EPSS 0.00071
Exploits 1 · References 6

NVD
added 2025/08/26 12:15 a.m. · 1 views

CVE-2025-9429

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.4 · EPSS 0.00071
Exploits 1 · References 6

Vulnrichment
added 2025/08/25 11:32 p.m. · 0 views

CVE-2025-9429 mtons mblog Post submit cross site scripting

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.1 · AI score 3.8 · EPSS 0.00071
Exploits 1 · References 6

Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34720 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions prior to 3.5.1 Description: A security vulnerability has been detected in mtons mblog. The vulnerability affects unknown code within the /post/submit file of the Post Handler component. Manipulation of the content/title...

CVSS 5.4 · AI score 3.9 · EPSS 0.00071
Exploits 1 · References 11

Exploit DB
added 2015/06/05 12:0 a.m. · 20 views

WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion

Exploit Title: Wordpress Really Simple Guest Post File Include Google Dork: inurl:"really-simple-guest-post" intitle:"index of" Date: 04/06/2015 Exploit Author: Kuroi'SH Software Link: https://wordpress.org/plugins/really-simple-guest-post/ Version: =1.0.6 Tested on: Linux The vulnerable file is...

AI score 7.4
Exploits 0

WPVulnDB
added 2014/08/01 10:59 a.m. · 7 views

TT Guest Post Submit 1.0.0 - tt-guest-post-submit-submit.php rootpath Parameter Remote File Inclusion

The TT Guest Post Submit WordPress plugin was affected by a tt-guest-post-submit-submit.php rootpath Parameter Remote File Inclusion security vulnerability...

AI score 1.6
Exploits 0 · Affected Software 1

Patchstack
added 2014/08/01 12:0 a.m. · 10 views

WordPress TT Guest Post Submit Plugin <= 1.0.0 - Remote File Inclusion

This plugin is prone to a tt-guest-post-submit-submit.php rootpath parameter remote file inclusion vulnerability. Solution Upgrade this plugin...

AI score 2.1
Exploits 0 · Affected Software 1