EUVD-2018-21746
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile,...
CVE-2018-25247 MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles
MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that displays the attacker's liked posts, the unsanitized subject is rendered, executing the script in the...
PT-2026-30367
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile,...
Docker Model Runner Security Vulnerability
Docker Model Runner is an open-source Docker model runner developed by Docker. Versions of Docker Model Runner prior to 1.0.16 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated POST endpoints that allowed arbitrary runtime flags to be accepted. This could enable...
CVE-2026-25892
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...
WordPress plugin Jetpack Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site...
SOUND4 Multiple Products OS Command Injection Vulnerability
SOUND4 IMPACT and others are products of the French company SOUND4. SOUND4 IMPACT is a professional broadcast audio processor. SOUND4 FIRST is a broadcast audio processor. SOUND4 PULSE is an audio processor. An operating system command injection vulnerability exists in various SOUND4 products that...
CVE-2018-25128
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by...
CVE-2018-25128
The CVE-2018-25128 entry concerns the SOCA Access Control System 180612, where unvalidated POST parameters enable multiple SQL injection flaws in Login.php and Card_Edit_GetJson.php. The root cause is injection into queries, allowing attackers to bypass authentication, retrieve password hashes, a...
SOCA Access Control System Security Vulnerability
SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from an unvalidated POST parameter and could lead to a SQL injection attack...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.11.3 and prior to 10.11.x, 10.5.11 and prior to 10.5.x, and 10.12.0 and prior to 10.12.x. The vulnerability stems from an unvalidated post upda...
EUVD-2025-84354
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs when sending a POST request with the parameter 'customfield1' to '/estimaterequests/saveestimaterequest'...
EUVD-2021-11469
Malware in sbrugna...
SICK AG Enterprise Analytics Security Vulnerability
SICK AG Enterprise Analytics is a package analysis software from SICK AG, Germany. A security vulnerability exists in SICK AG Enterprise Analytics that stems from unvalidated POST request data that could result in logging of jumbo payloads...
PT-2025-40862
Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: The system logs data from POST requests without validation. Specifically, when a user attempts to log in with incorrect credentials, the request data is logged. It is possible to send excessively lar...
CVE-2025-55735
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...
FlaskBlog Security Vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from unvalidated post content that could lead to stored cross-site scripting...
WordPress plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress MOLIE plugin 0.5 and earlier versions have a SQL injection vulnerability, which stems from the failure of MOLIE to validate and escape SQL...