60 matches found
CVE-2026-6909 Reflected XSS in ATutor
ATutor is vulnerable to Reflected XSS in the /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The product is no longer actively supported. Maintainers of this project were notified early...
PT-2025-48105
Name of the Vulnerable Software and Affected Versions: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 Description: An unauthenticated OS Command Injection issue exists in the start upgrade.php component of the softwar...
EUVD-2007-0351
Malware in sbrugna...
EUVD-2021-14551
Malware in sbrugna...
EUVD-2008-4158
Malware in sbrugna...
EUVD-2020-16278
Malware in sbrugna...
EUVD-2025-11902
Malicious code in bioql PyPI...
CVE-2025-29084
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...
CVE-2024-24520
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place...
CVE-2020-23534
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter...
CVE-2025-29058
An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component...
PT-2025-17343 · Qimou Cms · Qimou Cms
Name of the Vulnerable Software and Affected Versions: Qimou CMS version 3.34.0 Description: An issue in Qimou CMS allows a remote attacker to execute arbitrary code via the upgrade.php component. Recommendations: For Qimou CMS version 3.34.0, consider disabling the upgrade.php component until a...
CVE-2024-24520
CVE-2024-24520 affects Lepton CMS v7.0.0. The issue is a local arbitrary-code execution via the upgrade.php file in the languages place, enabling a local attacker to compromise the system. According to Red Hat and CNNVD records, the vulnerability exists in Lepton CMS 7.0.0. The Red Hat entry and ...
Lepton CMS 7.0.0 Remote Code Execution Vulnerability
Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred https://127.0.0.1/LEPTON/backend/login/index.php 2 G...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Directory Traversal File Write Exploit
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
Cross-site Scripting (XSS) - Reflected in yourls/yourls
Description: Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...