CVE-2026-36767

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

CVE-2025-11695

CVE-2025-11695 affects the MongoDB Rust Driver prior to v3.2.5. The root cause is that using tlsInsecure=False in a connection string disables certificate validation, enabling potential man-in-the-middle attacks over the network. The vulnerability is characterized with HIGH severity (CVSS metrics...

CVE-2024-24574

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

Spacenuke v3.2.5 => Persistent XSS Exploiable Vulnerability

Exploit for php platform in category web applications Spacenuke v3.2.5 = Persistent XSS Exploiable Vulnerability ----------------------------------------------------------- I MEMBER FROM IN3CT0R TEAM. 1337 DAY .. My + Author : KnocKout Contact : email protected E-Mail : email protected HomePage :...