24 matches found
PT-2026-39473
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add post parameter,...
EUVD-2015-1129
Malware in sbrugna...
EUVD-2022-52301
Malicious code in bioql PyPI...
EUVD-2024-33356
Malicious code in bioql PyPI...
CVE-2025-55734 flaskBlog Authorization Bypass
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
CVE-2015-10119
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
CVE-2024-10928 MonoCMS Posts Page opensaved.php cross site scripting
A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
CVE-2015-10119
CVE-2015-10119 affects the WordPress View All Posts Page Plugin up to version 0.9.0. The issue resides in the action_admin_notices_activation function and enables cross-site scripting, with remote initiation possible. A fix is available in version 0.9.1; apply upgrade to address the vulnerability...
CVE-2015-10119 View All Posts Page Plugin view-all-posts-pages.php action_admin_notices_activation cross site scripting
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
PT-2023-10297 · WordPress · View All Posts Page Plugin
Name of the Vulnerable Software and Affected Versions: View All Posts Page Plugin versions prior to 0.9.1 Description: A problematic issue has been found in the View All Posts Page Plugin on WordPress, affecting the action_admin_notices_activation function of the file view-all-posts-pages.php. Th...
CVE-2022-30378
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/viewpost&id=...
October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
Sourcecodester Baby Care System SQL Injection Vulnerability
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from /admin.php?id=posts...
CVE-2018-7198
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
Deserialization of untrusted data
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
CVE-2018-7198
CVE-2018-7198 affects October CMS up to version 1.0.431, specifically the RainLab Blog Plugin. It enables stored XSS by entering HTML on the Add Posts page, allowing a malicious payload to be stored and subsequently executed. The issue is documented across multiple sources (GHSA/OSV and exploit r...