Lucene search
K

105 matches found

CVE
CVE
added 4 days ago12 views

CVE-2026-15070

The CVE covers the WordPress plugin “Salon Booking System – Free Version.” All versions up to and including 10.30.32 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in setCustomText, allowing unauthenticated attackers to inject PHP into translate-constants.p...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15070 Salon Booking System <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution via 'value' Parameter

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS0.00259EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 4:17 a.m.10 views

CVE-2026-3652

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 2:29 a.m.37 views

CVE-2026-3652 ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51650

Name of the Vulnerable Software and Affected Versions ARForms versions prior to 7.1.4 Description Insufficient input sanitization and output escaping in the ARForms plugin allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. By exploiting the value parameter of the arf save...

7.2CVSS6AI score0.0019EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Everbrite BeikeShop 注入漏洞

Everbrite BeikeShop is an e-commerce system developed by China Everbright Corporation. Versions of Everbrite BeikeShop prior to 1.6.0.22 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of parameters with the value “settings.value” in the unknown function...

6.5CVSS6.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 6:10 p.m.19 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS0.00161EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 6:16 p.m.7 views

CVE-2026-39330

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the role Manage Groups & Roles ManageGroups and Edit Records isEditRecordsEnabled can inject arbitrary SQL...

8.8CVSS0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the Value parameter by the /PropertyAssign.php endpoint, which could lead to SQL injection attacks...

8.8CVSS5.9AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 8:16 p.m.6 views

CVE-2026-35184

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

9.8CVSS0.0035EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:21 p.m.5 views

CVE-2026-35184

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

8.7CVSS5.9AI score0.0035EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/15 5:32 p.m.2 views

CVE-2026-4184

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possib...

10CVSS8AI score0.01184EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/15 5:32 p.m.52 views

CVE-2026-4184 D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possib...

10CVSS0.01184EPSS
Exploits1References5
NVD
NVD
added 2026/02/15 2:16 p.m.10 views

CVE-2019-25377

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

6.1CVSS0.00243EPSS
Exploits1References4
OSV
OSV
added 2026/02/15 2:16 p.m.6 views

CVE-2019-25377

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

6.1CVSS5.3AI score
Exploits0References4
EUVD
EUVD
added 2026/02/15 1:58 p.m.6 views

EUVD-2019-19419

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

5.4CVSS5.3AI score0.00243EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25377 OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

5.4CVSS5.3AI score0.00243EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.9 views

CVE-2019-25377

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

5.4CVSS5.2AI score0.00243EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.34 views

CVE-2019-25377 OPNsense 19.1 Reflected XSS via system_advanced_sysctl.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the systemadvancedsysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the...

5.4CVSS0.00243EPSS
Exploits1References4
Rows per page
Query Builder