11 matches found
PT-2025-6618 · WordPress · Listivo
Name of the Vulnerable Software and Affected Versions: Listivo - Classified Ads WordPress Theme versions up to, and including, 2.3.67
Description: The issue is related to Reflected Cross-Site Scripting via the s parameter due to insufficient input sanitization and output escaping. This allows...
PT-2025-1821 · Woocommerce · Wc Affiliate
Name of the Vulnerable Software and Affected Versions: WC Affiliate – A Complete WooCommerce Affiliate Plugin versions up to, and including, 2.4
Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allow...
PT-2024-31254 · Unknown · Picuploader
Name of the Vulnerable Software and Affected Versions: PicUploader version fcf82ea
Description: A cross-site scripting (XSS) issue exists in the /auth/AzureRedirect.php component, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error description...
PT-2024-36685 · WordPress · Media Library Assistant
Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin for WordPress versions up to, and including, 3.16
Description: The issue allows authenticated attackers with contributor-level access and above to perform time-based SQL Injection via the order parameter within...
PT-2024-25123 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6
Description: A SQL injection issue was discovered in Roothub via the s parameter in the search function. This allows for potential exploitation. No information is provided about the estimated number of potentially affected...
PT-2023-32649 · Unknown · Voovi Social Networking Script
Name of the Vulnerable Software and Affected Versions: Voovi Social Networking Script version 1.0
Description: A SQL injection vulnerability has been reported, affecting the videos.php endpoint in the id parameter. This could allow a remote attacker to send a specially crafted SQL query to the...
PT-2023-25549 · Audimexee · Audimexee
Name of the Vulnerable Software and Affected Versions: Audimexee version 14.1.7
Description: The issue is a SQL injection vulnerability that can be exploited via the p table name parameter. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or...
PT-2023-23542 · Unknown · Online Travel Agency System
Name of the Vulnerable Software and Affected Versions: Online Travel Agency System version 1.0
Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the emp id parameter at the "employee edit.php" endpoint. This enables the attacker to potentially access and...
PT-2023-2141 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version V7.4cu.2313 B20191024
Description: The issue is related to a command injection vulnerability. This vulnerability can be exploited via the enabled parameter at the "/setting/setWanIeCfg" API endpoint. The vulnerability...
PT-2022-5714 · NetGear · Netgear R7000P
Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.0.8
Description: The issue is related to buffer overflow errors in the NETGEAR R7000P router's embedded software. Exploitation of this issue may allow a remote attacker to execute arbitrary code through the apmode...
UBUNTU-CVE-2017-11329
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entityrestrict parameter that is not a list of integers...