10 matches found
CVE-2025-60043
The CVE-2025-60043 entry concerns the WordPress Wanderic theme (
USN-7648-2: PHP vulnerabilities
USN-7648-1 fixed several vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker...
WordPress plugin Diza security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
OS Command Exec, Unix Command Shell, Double Reverse TCP SSL (telnet)
Execute an OS command from PHP. Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option Module Options msf use payload/php/unix/cmd/reversessldoubletelnet msf payloadreversessldoubletelnet show actions ...actions... msf payloadreversessldoubletelnet set...
CVE-2025-22597 WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'CobrancaController.php' parameter 'local_recepcao'
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected script...
Frappe Framework 13.4.0 Remote Code Execution
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
WWBN AVideo cross-site request forgery vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site request forgery vulnerability exists in WWBN AVideo version 11.6. An attacker exploits the vulnerability to escalate privileges via a specially crafted HTTP request...
CVE-2022-30449
Hospital Management System in PHP with Source Code HMS 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php...
PT-2022-15760 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud affected versions not specified Description: A limited authentication bypass issue was discovered, allowing an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. The issue was...
CVE-2019-18204
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution...