17 matches found

EUVD
added 2026/03/05 6:30 a.m. | 4 views

EUVD-2026-9590

Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Post Submission: from n/a through = 2.2.0...

AI score 5.9 | EPSS 0.00323
Exploits: 0 | References: 2

CVE
added 2026/01/12 12:0 a.m. | 9 views

CVE-2025-67147

CVE-2025-67147 affects Gym-Management-System-PHP 1.0. Multiple SQL injection flaws exist in submit_contact.php (name, email, comment), secure_login.php (username, pass_key), and change_s_pwd.php (login_id, pwfield, login_key). Attackers can bypass authentication, run arbitrary SQL commands, modif...

CVSS 9.8 | AI score 8.3 | EPSS 0.00345
Exploits: 0 | References: 1

NVD
added 2025/10/22 3:16 p.m. | 7 views

CVE-2025-62062

Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data. This issue affects Easy Post Submission: from n/a through = 1.7.0...

CVSS 5.5 | EPSS 0.00162
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2014-2303

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.03056
Exploits: 0 | References: 7

Positive Technologies
added 2025/09/12 12:0 a.m. | 3 views

PT-2025-37279

Name of the Vulnerable Software and Affected Versions: YunaiV yudao-cloud versions prior to 2025.09 Description: A vulnerability exists in YunaiV yudao-cloud that affects processing of the file /crm/receivable/submit. Manipulation of the ID argument results in improper authorization, and the atta...

CVSS 6.5 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 6

CNNVD
added 2025/07/16 12:0 a.m. | 3 views

WordPress plugin Torod SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Torod suffers from a SQL injection vulnerability that stems from improper handling of special elements of SQL commands, which can be exploited by an attacker to...

CVSS 9.3 | AI score 7.7 | EPSS 0.00371
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:50 a.m. | 8 views

CVE-2023-0085

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...

CVSS 5.3 | AI score 6.8 | EPSS 0.00691
Exploits: 0 | References: 1

NVD
added 2025/01/07 1:15 p.m. | 9 views

CVE-2024-12131

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS 4.3 | EPSS 0.00303
Exploits: 0 | References: 2

OSV
added 2025/01/05 11:15 p.m. | 6 views

CVE-2024-13142

A vulnerability was found in ZeroWdd studentmanager 1.0. It has been declared as problematic. This vulnerability affects the function submitAddRole of the file src/main/java/com/zero/system/controller/RoleController.java. The manipulation of the argument name leads to cross site scripting. The...

CVSS 4.8 | AI score 6.2
Exploits: 0 | References: 4

CNNVD
added 2024/01/13 12:0 a.m. | 2 views

Kashipara Billing Software SQL Injection Vulnerability

Kashipara Billing Software is an application from Kashipara India. A SQL injection vulnerability exists in Kashipara Billing Software version 1.0, which stems from a SQL injection vulnerability in the partyname of the partysubmit.php file...

CVSS 9.8 | AI score 7.9 | EPSS 0.00575
Exploits: 0 | References: 4

ATTACKERKB
added 2022/10/11 11:15 p.m. | 1 views

CVE-2022-40777

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveyssubmit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550...

CVSS 8.8 | AI score 7.3 | EPSS 0.05993
Exploits: 5 | References: 3

Huntr
added 2021/07/23 1:32 p.m. | 12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when disabling notice 🕵️‍♂️ Proof of Concept no csrf token checking during enable/disable notice. Below request is vulnerable to csrf attack POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101...

AI score 0.6
Exploits: 0

Cvelist
added 2013/10/16 8:0 p.m. | 27 views

CVE-2013-2927

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to...

AI score 7 | EPSS 0.01647
Exploits: 0 | References: 14

seebug.org
added 2013/01/24 12:0 a.m. | 24 views

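Discuz! X2: lax access control on replies visible only to the author

Brief description: When a thread is posted in Discuz! X2 with replies visible only to the author, ordinary members can bypass this mechanism and obtain part of the hidden content. Details: While the thread is open, the three parameters fid, tid and repposet can be obtained from the post's floor entry and submitted manually in a URL to retrieve the quoted reply, which contains part of the blocked (author-only) content. Proof of vulnerability: The assembled url...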

AI score 7.1
Exploits: 0

myhack58
added 2011/10/21 12:0 a.m. | 10 views

ecshop 2.6 x background write shell 0day-vulnerability warning-the black bar safety net

The relevant variable is not filtered, resulting in the submission of data to write into shell holes. Vulnerability file: admineditlanguages.php The relevant variable is not filtered! elseif $REQUEST'act' == 'edit' / Language items of the path / $langfile = isset$POST'filepath' ?...

AI score 7.2
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m. | 20 views

IIS FrontPage DoS

Microsoft IIS, running Frontpage extensions, is vulnerable to a remote DoS attack usually called the 'malformed web submission' vulnerability. An attacker, exploiting this vulnerability, will be able to render the service unusable. If this machine serves a business-critical functionality, there...

CVSS 5 | AI score 0.1 | EPSS 0.20309
Exploits: 0

Tenable Nessus
added 2005/01/04 12:0 a.m. | 13 views

FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution

The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The remote version of this software has a form submission vulnerability that may allow an attacker to execute arbitrary PHP commands on the remote host...

CVSS 7.5 | AI score 6 | EPSS 0.01727
Exploits: 1 | References: 3