CVE-2026-26988

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

LibreNMS SQL注入漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability. This vulnerabilit...

📄 RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit

This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications specifically RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...

PT-2026-20903

Name of the Vulnerable Software and Affected Versions LibreNMS versions 25.12.0 and below Description LibreNMS is a network monitoring tool. The application does not properly sanitize user input when processing IPv6 address searches in the ajax table.php endpoint. The address parameter is split...

CVE-2020-36919

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser...

CVE-2020-36919

WPForms 1.7.8 is affected by a cross-site scripting (XSS) vulnerability in the slider import search feature and the tab parameter. The issue can be triggered via the ListTable.php endpoint, where an attacker can inject arbitrary JavaScript to run in a victim’s browser. The vulnerable parameter is...

CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...

CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...

PT-2025-40270

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.4.4 Splunk Enterprise versions prior to 9.3.6 Splunk Enterprise versions prior to 9.2.8 Splunk Cloud Platform versions prior to 9.3.2411.109 Splunk Cloud Platform versions prior to 9.3.2408.119 Splunk Clou...

CVE-2025-9735

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...

CVE-2025-9735 O2OA Personal Profile table cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...