WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting

WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

CVE-2019-25732

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

CVE-2019-25732

CVE-2019-25732 affects PHP EI-Tube Script 3. The vulnerability is an SQL injection in the search parameter that allows unauthenticated attackers to send crafted GET requests to the search endpoint to extract sensitive data (usernames, passwords, version details). Root cause is improper handling/e...

CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

PT-2026-46202

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

CVE-2025-23770

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Caspie Fast Tube fast-tube allows Reflected XSS.This issue affects Fast Tube: from n/a through = 2.3.1...

EUVD-2016-1078

Malware in sbrugna...

EUVD-2012-1067

Malware in sbrugna...

EUVD-2010-4898

Malware in sbrugna...

EUVD-2014-3895

Malware in sbrugna...

EUVD-2014-7312

Malware in sbrugna...

EUVD-2016-1079

Malware in sbrugna...

EUVD-2025-3404

Malicious code in bioql PyPI...

EUVD-2025-3431

Malicious code in bioql PyPI...

CVE-2024-13218

The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2013-6681

Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability...

CVE-2010-4934

SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2024-13625

The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Tube Video Ads Lite plugin <= 1.5.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Tube Video Ads Lite versions = 1.5.7...