43 matches found
CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing a nil pointer dereference. Function validate returns nil success when message is...
dts-mall security vulnerability
dts-mall is a WeChat mini-program mall by individual developer qiguliuxing. A security vulnerability exists in dts-mall version v0.0.1-SNAPSHOT, which stems from improper access control and could lead to authentication bypass...
CVE-2025-45617
Incorrect access control in the component /user/list of productionssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload...
CVE-2024-53597
masterstackimgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit...
CVE-2024-39017
CVE-2024-39017 affects the agreejs shared library, version 0.0.1. The issue is a prototype pollution in the function mergeInternalComponents, enabling an attacker to inject arbitrary properties and potentially execute arbitrary code or cause a Denial of Service. Affected products are described co...
CVE-2024-36360
OS command injection vulnerability exists in awkblog v0.0.1 commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552 and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the...
Badaso cross-site scripting vulnerability
Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A cross-site scripting vulnerability exists in Badaso versions v.0.0.1 through v.2.9.7, which stems from a vulnerability that allows remote attackers to execute arbitrary code via a crafted payload on the Name of membe...
CVE-2023-29847
CVE-2023-29847 affects AeroCMS v0.0.1. Multiple stored XSS vulnerabilities reside in the /post.php endpoint, exploitable via the comment_author and comment_content parameters to execute arbitrary web scripts or HTML with a crafted payload. The issue is documented across several sources (e.g., Red...
Aero CMS v0.0.1 - SQL Injection (no auth) Vulnerability
Exploit Title: Aero CMS v0.0.1 - SQL Injection no auth Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64...
CVE-2022-46135
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=editpost, through which we can upload a webshell and control the web server...
CVE-2022-46137
CVE-2022-46137: AeroCMS v0.0.1 is vulnerable to a Directory Traversal issue that allows remote attackers to obtain sensitive information. The CVE entry reports a high-severity impact (CVSS v3.1: 7.5, NETWORK attack vector, no user interaction). No concrete remediation details are provided in the...
CVE-2022-46135
CVE-2022-46135 affects AeroCms v0.0.1. The vulnerability is an arbitrary file upload at /admin/posts.php?source=edit_post that enables uploading a webshell and taking control of the web server. Affected component is the upload endpoint in the admin/post editing flow; root cause details are consis...
CVE-2022-46062
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF)...
CVE-2022-46051
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks...
SQL injection
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks...
CVE-2022-46061
AeroCMS v0.0.1 is vulnerable to ClickJacking...
CVE-2022-46047
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter...
CVE-2022-46058
CVE-2022-46058 affects AeroCMS v0.0.1, with a cross-site scripting (XSS) vulnerability exploitable via add_post.php. The issue allows an attacker to inject a crafted payload into the Comments text field to execute arbitrary web scripts or HTML. This is documented across multiple sources (NVD, RH ...