20 matches found

EUVD
added 2026/05/09 12:43 a.m. · 4 views

EUVD-2026-28878

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field...

5.9 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits: 0 · References: 1

CNNVD
added 2026/05/09 12:0 a.m. · 4 views

PgBouncer Code Issue Vulnerability

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Versions of PgBouncer prior to 1.25.2 had code vulnerabilities due to null pointer references. If the server sends error responses without the SQLSTATE field, it may lead to crashes...

7.5 CVSS · 5.9 AI score · 0.00017 EPSS
Exploits: 0 · References: 2

CVE
added 2026/01/07 11:19 p.m. · 7 views

CVE-2026-21695

CVE-2026-21695 affects the open source time tracking software Titra. In versions ≤ 0.99.49, the API suffers a Mass Assignment vulnerability: the endpoint merges user-supplied input via the JavaScript spread operator into the database document (customfields), without validating which keys are perm...

4.3 CVSS · 6.4 AI score · 0.00087 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2025/12/08 12:15 a.m. · 1 views

CVE-2025-14205

A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membershipprofile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site...

5.4 CVSS · 4.1 AI score · 0.00024 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-7352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value...

6.1 CVSS · 7 AI score · 0.0024 EPSS
Exploits: 1 · References: 2

OSV
added 2024/05/27 11:15 a.m. · 1 views

CVE-2024-36383

An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage...

5.3 CVSS · 5.8 AI score · 0.00212 EPSS
Exploits: 0 · References: 1

OSV
added 2023/10/25 10:15 p.m. · 1 views

CVE-2023-46583

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field...

6.1 CVSS · 6.1 AI score · 0.00186 EPSS
Exploits: 1 · References: 1

NVD
added 2023/10/25 10:15 p.m. · 8 views

CVE-2023-46583

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field...

6.1 CVSS · 5.9 AI score · 0.00186 EPSS
Exploits: 1 · References: 1

ATTACKERKB
added 2023/10/25 10:15 p.m. · 1 views

CVE-2023-46583

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field...

6.1 CVSS · 6.2 AI score · 0.00186 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-30101 · Unknown · Phpgurukul Nipah Virus Testing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Nipah virus (NiV) Testing Management System version 1.0. Description: A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via a crafted payload injected into the State field. This enables the execution of...

6.1 CVSS · 6.4 AI score · 0.00186 EPSS
Exploits: 1 · References: 4

Vulnrichment
added 2023/10/25 12:0 a.m. · 10 views

CVE-2023-46583

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field...

6.2 AI score · 0.00186 EPSS
Exploits: 1 · References: 1

RedHat Linux
added 2022/11/15 11:55 a.m. · 0 views

kernel: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state

A flaw was found in the ext4 module in the Linux kernel. A specially crafted filesystem can cause an assertion failure when a specific operation is performed, possibly resulting in system instability and a denial of service...

5.5 CVSS · 6.5 AI score · 0.0007 EPSS
Exploits: 0 · References: 5

CNNVD
added 2022/03/11 12:0 a.m. · 1 views

Microweber Input Validation Error Vulnerability

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An integer overflow vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from the fact tha...

9.1 CVSS · 5.7 AI score · 0.00811 EPSS
Exploits: 1 · References: 3

CNNVD
added 2021/05/24 12:0 a.m. · 5 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System...

5.4 CVSS · 5.4 AI score · 0.0027 EPSS
Exploits: 5 · References: 6

WPVulnDB
added 2021/05/10 12:0 a.m. · 19 views

LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile

The 'State' field of the Edit profile page of the plugin is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users such as students to elevate their privilege via an XSS attack when an admin...

5.4 CVSS · 0.4 AI score · 0.0027 EPSS
Exploits: 5 · References: 1 · Affected Software: 1

OSV
added 2019/02/04 7:29 p.m. · 1 views

DEBIAN-CVE-2019-7352

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code...

6.1 CVSS · 7.3 AI score · 0.0024 EPSS
Exploits: 1 · References: 1

OSV
added 2018/08/23 3:29 p.m. · 1 views

CVE-2018-3905

An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading t...

9.9 CVSS · 6.1 AI score · 0.00381 EPSS
Exploits: 2 · References: 1

Positive Technologies
added 2018/08/23 12:0 a.m. · 2 views

PT-2018-16297 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A buffer overflow issue exists in the camera "create" feature of the video-core's HTTP server. The video-core process incorrectly extracts the state field from a user-controlled...

9.9 CVSS · 8.5 AI score · 0.00381 EPSS
Exploits: 2 · References: 4

CNVD
added 2018/08/07 12:0 a.m. · 2 views

PHP Scripts Mall Basic B2B Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Basic B2B Script is a B2B website system script from PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Basic B2B Script version 2.0.0, which can be exploited by remote attackers to inject scripts via the First name, Last name, City, State, or...

5.4 CVSS · 5.4 AI score · 0.00206 EPSS
Exploits: 4 · References: 1

Veracode
added 2017/01/12 5:51 a.m. · 6 views

Authorization Bypass

sorcery is vulnerable to authorization bypass. The library allows a login request with no state field, which causes the library to reuse the value from the previous request or if there is no previous request it is overridden...

6.6 AI score
Exploits: 0