8 matches found
CVE-2026-5957 EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the createtemplate method of the CheckForm class, where realpath is called on the allowed base directory...
CVE-2026-33888
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
GHSA-PC9C-547W-HHMC Cross-site Scripting in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
CVE-2015-1514
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php...
SQL injection
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php...
NGS000330 Technical Advisory: Squiz CMS File Path Traversal
======= Summary ======= Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published ======== TimeLine ========...
Squiz CMS 11654 File Path Traversal Vulnerability
Exploit for php platform in category web applications ======= Summary ======= Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published...
CVE-2006-6269
Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in mealrest.asp, and (3) the resid parameter in resdetails.asp...