26 matches found

RedhatCVE
added 2026/02/26 10:14 a.m. | 5 views

CVE-2026-2410

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the showPageContent function. This makes it possible for unauthenticated attackers to a...

CVSS 4.3 | AI score 5.4 | EPSS 0.00131
Exploits 0 | References 1
NVD
added 2026/02/25 10:16 a.m. | 9 views

CVE-2026-2410

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the showPageContent function. This makes it possible for unauthenticated attackers to a...

CVSS 4.3 | EPSS 0.00131
Exploits 0 | References 4
Vulnrichment
added 2026/02/25 9:26 a.m. | 3 views

CVE-2026-2410 Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the showPageContent function. This makes it possible for unauthenticated attackers to a...

CVSS 4.3 | AI score 5.5 | EPSS 0.00131
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-25489

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00387
Exploits 1 | References 5
NVD
added 2025/09/25 9:15 p.m. | 2 views

CVE-2025-10973

A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation of the argument userid causes sql injection. The attack may be initiated remotely. The...

CVSS 7.5 | EPSS 0.00295
Exploits 0 | References 4
Positive Technologies
added 2025/09/25 12:0 a.m. | 3 views

PT-2025-39456

Name of the Vulnerable Software and Affected Versions JackieDYH Resume-management-system versions prior to fb6b857d852dd796e748ce30c606fe5e61c18273 Description A flaw exists in JackieDYH Resume-management-system that allows for SQL injection through manipulation of the userid argument in the...

CVSS 7.5 | AI score 7.4 | EPSS 0.00295
Exploits 0 | References 7
OSV
added 2025/08/21 3:15 p.m. | 1 views

CVE-2025-9304

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 5
Vulnrichment
added 2025/08/21 3:2 p.m. | 3 views

CVE-2025-9304 SourceCodester Online Bank Management System show.php sql injection

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made...

CVSS 7.5 | AI score 7.6 | EPSS 0.00387
Exploits 1 | References 5
CVE
added 2025/08/21 3:2 p.m. | 20 views

CVE-2025-9304

SourceCodester Online Bank Management System 1.0 contains a SQL injection vulnerability in the /bank/show.php function, exploitable by manipulating the ID parameter. The issue is exploitable remotely and an exploit has been published publicly, potentially affecting confidentiality, integrity, and...

CVSS 9.8 | AI score 7.6 | EPSS 0.00387
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2024/11/03 12:0 a.m. | 3 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system from China Tongda TONGDA. TONGDA Office Anywhere suffers from a SQL injection vulnerability, which originates from the ID parameter of the /pda/appcenter/webshow.php page containing a SQL injection vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.00503
Exploits 1 | References 4
OSV
added 2024/08/16 8:15 p.m. | 2 views

CVE-2024-43006

A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...

CVSS 5.4 | AI score 5.8 | EPSS 0.00228
Exploits 0 | References 2
Vulnrichment
added 2024/05/08 12:0 a.m. | 15 views

CVE-2024-25529

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wfofficefilehistoryshow.aspx...

AI score 8.3 | EPSS 0.00608
Exploits 1 | References 1
CNNVD
added 2024/03/18 12:0 a.m. | 4 views

AMSS++ SQL Injection Vulnerability

AMSS++ is a tool for office management support systems from Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which originates from an SQL injection vulnerability in the personid parameter of the /amssplus/modules/person/picshow.php page...

CVSS 8.2 | AI score 8 | EPSS 0.00478
Exploits 0 | References 2
Hacker One
added 2024/02/25 1:50 p.m. | 3 views

Ruby on Rails: Action Text XSS (Rails 7.1.x)

The vulnerability in Action Text in Rails 7.1.x allows for cross-site scripting (XSS) when attempting to edit the text in which the crafted values were stored. The vulnerability was likely introduced in the PR that addressed a previous issue. It was confirmed that the XSS did not occur on the show...

AI score 5.4
Exploits 0
CNNVD
added 2022/06/23 12:0 a.m. | 3 views

74cms Cross-Site Scripting Vulnerability

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Co. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in /index/notice/show. An attacker could exploit...

CVSS 6.1 | AI score 5.6 | EPSS 0.00568
Exploits 1 | References 2
OSV
added 2022/03/25 4:15 p.m. | 2 views

CVE-2022-25574

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...

CVSS 4.8 | AI score 5.9 | EPSS 0.00416
Exploits 0 | References 2
CNNVD
added 2021/06/16 12:0 a.m. | 2 views

Xunyi Technology 74cms SQL Injection Vulnerability

74CMS is a talent recruitment system based on the second development of ThinkPHP framework. A SQL injection vulnerability exists in 74CMS version 3.2.0. An attacker can use this vulnerability to inject SQL statements via the id parameter of wap/wap-company-show.php...

CVSS 9.8 | AI score 6 | EPSS 0.01449
Exploits 1 | References 2
CNVD
added 2020/06/25 12:0 a.m. | 1 views

Wuxi New Interactive Network Technology Co., Ltd. website building system show****.asp page has SQL injection vulnerability

Wuxi New Interactive Network Technology Co., Ltd. was founded on March 22, 2012, the registered office is located in Wuxi City, Beitang District, Huichan Road, Yanjia shed, the legal representative is Zhai Hongwei. The scope of business includes technical development of computer software, technic...

AI score 7.9
Exploits 0
Veracode
added 2019/08/06 6:9 a.m. | 12 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the user provided data in liability name field, allowing an attacker to inject malicious script in a transaction to get executed upon an error condition during a visit to the...

CVSS 5.4 | AI score 3.4 | EPSS 0.00744
Exploits 1 | References 2 | Affected Software 1
Prion
added 2019/08/05 8:15 p.m. | 13 views

Input validation

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page...

CVSS 3.5 | AI score 5.2 | EPSS 0.00744
Exploits 1 | References 2 | Affected Software 1