154 matches found
CVE-2026-6433
The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...
CVE-2019-11535
Unsanitized user input in the web interface for Linksys WiFi extender products RE6400 and RE6300 through 1.2.04.022 allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI...
CVE-2025-11307 WP Google Maps < 9.0.48 - Unauthenticated Stored XSS
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...
EUVD-2018-0333
Malware in sbrugna...
EUVD-2018-1955
Malware in sbrugna...
EUVD-2020-0299
Malware in sbrugna...
EUVD-2016-10360
Malware in sbrugna...
EUVD-2024-3121
Malicious code in bioql PyPI...
EUVD-2022-6382
Malicious code in bioql PyPI...
EUVD-2022-1412
Malicious code in bioql PyPI...
EUVD-2023-50528
Malicious code in bioql PyPI...
CVE-2025-53834 Caido Toast Vulnerable to Reflected Cross-site Scripting
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker t...
PHPMailer Command Injection Vulnerability
PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail' function of the 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed...
CVE-2025-34038 Weaver E-cology SQL Injection
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the...
PT-2025-25357 · Unknown · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 6.0.5 through 6.0.28; Spring Framework versions 6.1.0 through 6.1.20; Spring Framework versions 6.2.0 through 6.2.7. Description: The issue allows remote attackers to launch Reflected File Download (RFD) attacks via...
CVE-2025-22145
Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file inclusion: if the application allows users to upload files with a .php extension into a folder from which include or require can read them, then they are a...
CVE-2021-45027
An arbitrary file download vulnerability in Oliver v5 Library Server version 5.00.008.053 via the FileServlet function allows an attacker to download arbitrary files using unsanitized user-supplied input...
CVE-2018-1000619
Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php (babgetAddonFilePathfromTg) that can result in authenticated remote code execution. This attack appears to be exploitable when the attacker has permission to upload addons...
SQL Injection
ADOdb is vulnerable to SQL Injection. The vulnerability is due to improper escaping of unsanitized user input in the pg_insert_id function when connected to a PostgreSQL database...