629 matches found
EUVD-2021-28740
Malicious code in bioql PyPI...
EUVD-2024-54670
Malicious code in bioql PyPI...
CVE-2025-10210
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Manipulating the argument key can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the...
CVE-2025-10110
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. Manipulation with the input '%20or%201=1%20%23/words.html leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...
CVE-2025-10210
ChanCMS up to version 3.3.0 contains a SQL injection in the Search function (app/modules/api/service/Api.js) caused by manipulation of the key argument. The issue is exploitable remotely, and public PoC/exploit material exists; the vendor has not responded. A remediation is needed: upgrade to the...
CVE-2025-10210 yanyutao0402 ChanCMS Api.js search sql injection
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Manipulating the argument key can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the...
CVE-2025-54551
CVE-2025-54551 affects Fujifilm Synapse Mobility (Synapse Mobility) versions 8.0–8.1.1. The root cause is privilege escalation via external control of Web parameters (CWE-472), allowing a user to bypass RBAC and access data beyond their permissions by altering search parameters. Public sources (N...
CVE-2025-54551
Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of a Web parameter. If exploited, a user of the product may escalate privileges and access data that the user does not have permission to view by altering the parameters of the...
CVE-2025-8555 atjiu pybbs search cross site scripting
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to...
PT-2025-31256 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo versions 13.8.0 and below Description: Piwigo versions 13.8.0 and below are vulnerable to SQL Injection in the parameters max level and min register. These parameters are used in the ws user gerList function from the file includews...
CVE-2024-41503
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function...
CVE-2024-41503
CVE-2024-41503 concerns Jetimob Plataforma Imobiliaria 20240627-0 and describes a Cross Site Scripting (XSS) vulnerability in the "Título" (title) field of the filter Save option within the "Busca" (search) function. The Red Hat, NVD, CVE listings, and CNNVD entries corroborate the XSS issue in th...
PT-2025-24924 · Unknown · Jetimob Plataforma Imobiliaria
Name of the Vulnerable Software and Affected Versions: Jetimob Plataforma Imobiliaria version 20240627-0 Description: The issue concerns a Cross Site Scripting (XSS) vulnerability in the "Título" (title) field inside the filter Save option in the "Busca" (search) function. This allows for potential...
CVE-2024-33748
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
CVE-2024-33121
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search function...
CVE-2024-25327
Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function...
CVE-2023-36213
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function...
CVE-2022-41473
RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function...