13 matches found
CVE-2026-25156
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...
EUVD-2026-5000
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...
CVE-2026-25156
HotCRP (versions 2025-10 to 2026-01) delivered inline content for all document types due to Content-Disposition handling, allowing HTML/SVG to render in the browser with HotCRP credentials and potential API access. Root cause: a commit introduced this behavior; it affected development versions an...
iiCMS Code Injection Vulnerability
iCMS is an efficient and simple content management system built with PHP and MySQL. A code injection vulnerability exists in iCMS 8.0.0 and earlier versions, which stems from incorrect handling of the config parameter by the Save function in the POST Parameter...
PT-2025-46333
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of HTML code injection due to lack of proper validation of user input sent in the 'title' parameter of a POST request to '/tickets/save'...
CVE-2024-22491
A stored cross-site scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter...
JSite Code Injection Vulnerability
JSite is an open source rapid development framework for backend management systems. JSite version 1.0 has a code injection vulnerability, which stems from the handling of the Name parameter in /a/sys/area/save and leads to cross-site scripting attacks...
GHSA-859H-4W58-78XW Cross-site Scripting in JFinal
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...
GHSA-3J4X-9Q9Q-3277 Cross-site Scripting in JFinal
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...
GHSA-F6XP-59JQ-R35C Phachon mm-wiki Cross Site Request Forgery vulnerability
Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter...
mm-wiki Cross-Site Request Forgery Vulnerability
MM-Wiki is a lightweight enterprise knowledge sharing and team collaboration software by the individual developer phachon. It can be used to quickly build an enterprise wiki and team knowledge sharing platform. A security vulnerability exists in Phachon mm-wiki version v.0.1.2. A remote attacker can...
CRLF Injection Vulnerability in Multiple Sierra Wireless AirCard Products
The Sierra Wireless AirCard 760S, 762S and 763S are mobile broadband devices from Sierra Wireless Canada. A CRLF injection vulnerability exists in the export.cfg file in the web-based management console of multiple Sierra Wireless AirCard products. A remote attacker could exploit this vulnerabili...
CVE-2007-6503
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30,...