11 matches found

EUVD
added 2026/05/19 9:18 p.m., 14 views

EUVD-2026-30986

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

CVSS 4.8, AI score 5.8, EPSS 0.00216
Exploits: 0, References: 2
EUVD
added 2026/04/07 5:34 p.m., 3 views

EUVD-2026-19825

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the roles Manage Groups & Roles (ManageGroups) and Edit Records (isEditRecordsEnabled) can inject arbitrary SQL...

CVSS 8.8, AI score 6, EPSS 0.00244
Exploits: 0, References: 1
Cvelist
added 2025/11/29 2:25 a.m., 8 views

CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation

Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

CVSS 6.3, EPSS 0.0062
Exploits: 0, References: 1
Vulnrichment
added 2025/11/29 2:25 a.m., 4 views

CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation

Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

CVSS 6.3, AI score 6.4, EPSS 0.0062
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2015-5470

Malware in sbrugna...

CVSS 4.9, AI score 6.4, EPSS 0.01088
Exploits: 0, References: 5
RedhatCVE
added 2025/05/23 8:51 a.m., 8 views

CVE-2024-4627

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin; however, such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...

CVSS 5.5, AI score 5.8, EPSS 0.00391
Exploits: 2, References: 1
NVD
added 2025/01/31 10:15 p.m., 14 views

CVE-2024-53355

Multiple incorrect access control issues in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updatealias route; (4) delete users via the...

CVSS 8.8, EPSS 0.00508
Exploits: 1, References: 1
Prion
added 2021/08/30 3:15 p.m., 19 views

Cross site scripting

The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross-site scripting (XSS) vulnerability. Only...

CVSS 3.5, AI score 5.2, EPSS 0.00624
Exploits: 2, References: 1, Affected Software: 1
0day.today
added 2010/01/07 12:00 a.m., 22 views

0day Drupal <= 6.15 Multiple Permanent XSS

Exploit for unknown platform in category web applications. 0day Drupal <= 6.15 Multiple Permanent XSS. Exploit Title: 0day Drupal <= 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili...

AI score 7.1
Exploits: 0
exploitpack
added 2010/01/07 12:00 a.m., 18 views

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities. Exploit Title: 0day Drupal <= 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code :...

AI score 7
Exploits: 0
Exploit DB
added 2010/01/07 12:00 a.m., 40 views

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Exploit Title: 0day Drupal <= 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code : http://www.backtrack.it/emgent/exploits/DrupalMultiplePermanentXss-20090107.tx...

AI score 7.4
Exploits: 0