6 matches found
CVE-2026-28411
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract() function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...
CVE-2025-14127
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2019-18530 · Zoneminder +3
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.4. Description: A Reflected Cross-Site Scripting (XSS) issue exists due to insecure utilization of the $_REQUEST['PHP_SELF'] variable in multiple views under web/skins/classic/views, without proper filtration...
CVE-2018-1000525
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
[NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities
NewAngels Advisory 5: Stylemotion WEB//NEWS 1.4. Software: WEB//NEWS 1.4; Type: SQL Injections, Path Disclosure; Risk: High; Date: Sep. 1 2005; Vendor: Stylemotion; Credit: Robin 'onkelfisch' Verton...
stylemotion.txt
NewAngels Advisory 5: Stylemotion WEB//NEWS 1.4. Software: WEB//NEWS 1.4; Type: SQL Injections, Path Disclosure; Risk: High; Date: Sep. 1 2005; Vendor: Stylemotion; Credit: Robin 'onkelfisch' Verton...