CVE-2022-50965

CVE-2022-50965 affects uBidAuction 2.0.1, specifically the posts/manage module. The vulnerability is a reflected cross-site scripting flaw where the filter functionality fails to sanitize the date_created, date_from, date_to, and created_at parameters, allowing an attacker to inject malicious scr...

CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVE-2022-50946

The CVE-2022-50946 entry concerns the WordPress plugin Netroics Blog Posts Grid 1.0, where a stored cross-site scripting (XSS) flaw exists in the handling of the post_title field and the testimonial title field. The root cause is failure to sanitize the post_title parameter, enabling an attacker ...

CVE-2022-50946

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...

CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

CVE-2022-50944

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

PT-2026-39490

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...

PT-2026-39473

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add post parameter,...

CVE-2026-42569

creationtimestamp| type| source ---|---|--- 2026-05-09 21:00:19+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5akau6l2l 2026-05-09 21:33:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlh742ogqh2i 2026-05-11 15:00:07+00:00| seen|...

CVE-2026-44738

creationtimestamp| type| source ---|---|--- 2026-05-09 10:54:58+00:00| published-proof-of-concept| https://github.com/getgrav/grav/security/advisories/GHSA-j274-39qw-32c9 2026-05-11 17:27:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsbarcwj2g 2026-05-11...

CVE-2026-42311

creationtimestamp| type| source ---|---|--- 2026-05-09 09:01:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlfv2rwk4q2i 2026-05-09 09:11:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlfvmp5sui2h...

CVE-2026-42193

creationtimestamp| type| source ---|---|--- 2026-05-08 22:28:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlerpeba2u2n 2026-05-08 22:36:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mles67hmih2p 2026-05-09 07:30:30+00:00| seen|...

CVE-2026-42180

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...

CVE-2026-41497

creationtimestamp| type| source ---|---|--- 2026-05-08 20:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mlejsizxy42v 2026-05-08 21:19:19+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlentlkfvt2r...

CVE-2026-42180

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...

CVE-2026-41584

creationtimestamp| type| source ---|---|--- 2026-05-08 18:50:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlefivlihl2r 2026-05-08 18:50:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlefivlihl2r 2026-05-08 19:04:00+00:00| seen|...

CVE-2026-41583

creationtimestamp| type| source ---|---|--- 2026-05-08 18:30:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mleef5vlvz2h 2026-05-08 18:30:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mleef5vlvz2h 2026-05-08 19:00:28+00:00| seen|...

CVE-2026-6213

creationtimestamp| type| source ---|---|--- 2026-05-08 10:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116538489534406589 2026-05-08 10:30:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mldjlhz44r2o 2026-05-08 10:55:38+00:00| seen|...