EUVD-2022-55969
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
CVE-2022-50946
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...
CVE-2022-50944
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...
CVE-2022-50965
CVE-2022-50965 affects uBidAuction 2.0.1, specifically the posts/manage module. The vulnerability is a reflected cross-site scripting flaw where the filter functionality fails to sanitize the date_created, date_from, date_to, and created_at parameters, allowing an attacker to inject malicious scr...
CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...
CVE-2022-50946
The CVE-2022-50946 entry concerns the WordPress plugin Netroics Blog Posts Grid 1.0, where a stored cross-site scripting (XSS) flaw exists in the handling of the post_title field and the testimonial title field. The root cause is failure to sanitize the post_title parameter, enabling an attacker ...
CVE-2022-50946
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...
CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
CVE-2022-50944
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
uBidAuction Cross-Site Scripting Vulnerability
uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...
PT-2026-39473
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter,...
PT-2026-39490
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...
CVE-2026-42569
creationtimestamp | type | source
---|---|---
2026-05-09 21:00:19+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5akau6l2l
2026-05-09 21:33:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlh742ogqh2i
2026-05-11 15:00:07+00:00 | seen | ...
CVE-2026-44738
creationtimestamp | type | source
---|---|---
2026-05-09 10:54:58+00:00 | published-proof-of-concept | https://github.com/getgrav/grav/security/advisories/GHSA-j274-39qw-32c9
2026-05-11 17:27:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsbarcwj2g
2026-05-11...
CVE-2026-42311
creationtimestamp | type | source
---|---|---
2026-05-09 09:01:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlfv2rwk4q2i
2026-05-09 09:11:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlfvmp5sui2h
...
CVE-2026-42193
creationtimestamp | type | source
---|---|---
2026-05-08 22:28:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlerpeba2u2n
2026-05-08 22:36:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mles67hmih2p
2026-05-09 07:30:30+00:00 | seen | ...
CVE-2026-42180
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...
CVE-2026-41497
creationtimestamp | type | source
---|---|---
2026-05-08 20:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mlejsizxy42v
2026-05-08 21:19:19+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlentlkfvt2r
...