133 matches found
EUVD-2023-40105
Malicious code in bioql PyPI...
EUVD-2025-31686
Malicious code in bioql PyPI...
EUVD-2025-26068
Malicious code in bioql PyPI...
EUVD-2023-37721
Malicious code in bioql PyPI...
CVE-2025-8559 All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter
The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...
CVE-2025-8559
CVE-2025-8559 affects the WordPress plugin All in One Music Player. A path traversal vulnerability via the theme parameter exists in versions up to 1.3.1, enabling authenticated attackers with Contributor+ privileges to read server files. Public sources in CNVD, CVE lists, and PT-2025-39939 descr...
WordPress plugin All in One Music Player path traversal vulnerability
WordPress All in One Music Player plugin is a plugin with integrated music playback functionality, mainly used for WooCommerce, Dokan, WCFM Marketplace and other multi-platform e-commerce systems. A path traversal vulnerability exists in the WordPress All in One Music Player plugin, which stems...
PT-2025-39939
Name of the Vulnerable Software and Affected Versions: All in One Music Player plugin for WordPress versions prior to 1.3.2. Description: The All in One Music Player plugin for WordPress is susceptible to a Path Traversal issue through the theme parameter. This allows authenticated attackers with...
CVE-2025-10827
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
CVE-2025-10827
The CVE-2025-10827 entry concerns PHPJabbers Restaurant Menu Maker (versions up to 1.1). Affected functionality in the file /preview.php is vulnerable: manipulation of the theme parameter enables cross-site scripting. The issue can be exploited remotely and public exploit details are available. C...
CVE-2025-10827 PHPJabbers Restaurant Menu Maker preview.php cross site scripting
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
PHPJABBERS Restaurant Menu Maker Project code injection vulnerability
PHPJABBERS Restaurant Menu Maker Project is a PHPJABBERS open source menu maker project. A code injection vulnerability exists in PHPJABBERS Restaurant Menu Maker Project 1.1 and earlier versions, which stems from incorrect manipulation of the parameter theme in the file /preview.php, and could...
PT-2025-39095
Name of the Vulnerable Software and Affected Versions: PHPJabbers Restaurant Menu Maker versions up to 1.1. Description: A cross-site scripting issue exists in PHPJabbers Restaurant Menu Maker. The issue is related to the /preview.php file and manipulation of the theme parameter. This manipulation c...
CVE-2025-51967
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's...
school-management-system security vulnerability
school-management-system is a school management system developed in PHP for schools or small organizations by individual developer Shubham kumar. A security vulnerability exists in school-management-system version 1.0, which stems from user input in the theme parameter not being sanitized, and coul...
PT-2025-35084
Name of the Vulnerable Software and Affected Versions: ProjectsAndPrograms School Management System version 1.0. Description: A Reflected Cross-site Scripting (XSS) issue exists in the themeSet.php file. The application does not properly sanitize user-supplied input in the theme parameter, which...
CVE-2025-51967
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's...
CVE-2023-36137
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...
CVE-2020-10821
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter...
CVE-2018-1000870
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable via an attacker changing the theme parameter in user settings. The admin (victim) views the user in admin-panel and gets...