163 matches found
CicadasCMS Security Vulnerability
CicadasCMS is a content management framework based on SpringBoot, Mybatis, SpringSecurity and Vue, developed by westboy, an individual developer in China. A security vulnerability exists in CicadasCMS, which originates from a cross-site scripting vulnerability in the Save function of the...
EUVD-2022-52345
Malicious code in bioql PyPI...
CVE-2025-9899
The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feed_save function. This makes it possible for...
CVE-2025-9899 Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery
The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feed_save function. This makes it possible for...
CVE-2025-9899
The Trust Reviews plugin for WordPress (Trust Reviews) is vulnerable to Cross-Site Request Forgery in versions up to 1.0 due to missing nonce validation in feed_save. This could let unauthenticated attackers forge requests to create or modify feed entries by tricking a site administrator. Accordi...
CVE-2025-10173
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the postsave function in all versions up to, and including, 4.8.3. This makes it possible for authenticated...
CVE-2025-10940
A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layoutssave of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit h...
PT-2025-39359
Name of the Vulnerable Software and Affected Versions: Total.js CMS version 1.0.0 Description: A cross site scripting issue exists in Total.js CMS version 1.0.0. The issue is located in the layouts save function within the /admin/ file of the Layout Page component. Manipulation of the HTML argument...
CVE-2025-10389
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
CVE-2025-10389
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
CVE-2025-10389 CRMEB Administrator Password SystemAdminServices.php save improper authorization
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
PT-2025-37399
Name of the Vulnerable Software and Affected Versions: CRMEB versions up to 5.6.1 Description: A security flaw exists in CRMEB due to improper authorization when manipulating the ID argument within the Save function of the app/services/system/admin/SystemAdminServices.php file, specifically in th...
Linux Distros Unpatched Vulnerability : CVE-2023-39357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. A defect in the sqlsave function was discovered. When the column type is numeric,...
Linux Distros Unpatched Vulnerability : CVE-2016-3169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the...
Vvveb Injection Vulnerability
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. An injection vulnerability exists in Vvveb version 1.0.5, which stems from code injection due to a misbehavior of the function Save in the file...
Improper Authorization
Overview: pypickle is a Python library to save and load variables in pickle files. Affected versions of this package are vulnerable to Improper Authorization due to the Save function. An attacker can manipulate the authorization process by exploiting local access to the system. This ...
PYSEC-2025-46
A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...
CVE-2023-1559
A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
CVE-2023-42230
Pat Infinite Solutions HelpdeskAdvanced = 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function...
CVE-2021-4412
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...