25 matches found
EUVD-2026-28540
The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...
EUVD-2003-1302
Malware in sbrugna...
EUVD-2018-10552
Malware in sbrugna...
EUVD-2022-24853
Malicious code in bioql PyPI...
EUVD-2023-56748
Malicious code in bioql PyPI...
EUVD-2023-32434
Malicious code in bioql PyPI...
EUVD-2023-2876
Malicious code in bioql PyPI...
CVE-2025-49188
The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering...
CVE-2025-3999 Seeyon Zhiyuan OA Web Application System URL Parameter date.jsp cross site scripting
A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp of the component URL Parameter Handler. Th...
CVE-2024-4265
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes ...
DTS Monitoring Operating System Command Injection Vulnerability
DTS Monitoring is an information system monitoring platform from DTS Corporation. An operating system command injection vulnerability exists in DTS Monitoring version 3.57.0, which stems from the url parameter in the WGET check function being susceptible to operating system command injection...
CVE-2023-36255
Eramba (Eramba GRC) up to version 3.19.1 is affected by an authenticated remote code execution vulnerability that can be triggered via the path parameter in the URL to the download-test-pdf endpoint. Public writeups and PoCs indicate an RCE in Eramba 3.19.1, with exploits and Metasploit modules r...
Lawyer CMS 1.6 Cross Site Scripting
Exploit Title: Lawyer CMS 1.6 - Reflected XSS | Exploit Author: CraCkEr | Date: 16/07/2023 | Vendor: phpscriptpoint | Vendor Homepage: https://phpscriptpoint.com/ | Software Link: https://demo.phpscriptpoint.com/lawyer/ | Tested on: Windows 10 Pro | Impact: Manipulate the content of the site | Description: The...
BloodBank 1.1 Cross Site Scripting
Exploit Title: BloodBank 1.1 - Reflected XSS | Exploit Author: CraCkEr | Date: 15/07/2023 | Vendor: phpscriptpoint | Vendor Homepage: https://phpscriptpoint.com/ | Software Link: https://demo.phpscriptpoint.com/bloodbank/ | Tested on: Windows 10 Pro | Impact: Manipulate the content of the site | Description: The...
PHP Car Dealer 3.0 Cross Site Scripting
Cedar Gate EZ-NET Cross-Site Scripting Vulnerability
Cedar Gate EZ-NET is an Internet portal application from Cedar UK. A cross-site scripting vulnerability exists in Cedar Gate EZ-NET 6.5.5, 6.6.3, 6.7.0, and 6.8.0. It stems from Cedar Gate EZ-NET 6.5.5 and 6.8.0 having a call to display messages to the user that does not correctly clean u...
Optergy Proton/Enterprise BMS 2.3.0a Open Redirect
Open Redirect in Optergy Proton/Enterprise BMS | Firmware version: =2.3.0a | CVE: CVE-2019-7275 | Advisory: https://applied-risk.com/resources/ar-2019-008 | Paper: https://applied-risk.com/resources/i-own-your-building-management-system | by Gjoko 'LiquidWorm' Krstic | GET /updating.jsp?url=https://segfault....
Open redirect
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows an attacker to execute unauthorized code or commands via the url parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter...
CVE-2008-6584
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the urlupload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory...