5 matches found
EUVD-2025-4616
Malicious code in bioql PyPI...
CVE-2025-9440
CVE-2025-9440 affects 1000projects Online Project Report Submission and Evaluation System 1.0. A vulnerable function is in /admin/add_title.php, where manipulating the Title argument permits cross-site scripting. The issue is exploitable remotely and publicly disclosed. Multiple connected sources...
CVE-2024-57665
JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering...
CVE-2024-6263
The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2022-35509
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allow an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...