7 matches found
CVE-2026-2412
The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field function...
EUVD-2022-1648
Malicious code in bioql PyPI...
PT-2024-3766 · Grafana +6 · Grafana +6
Name of the Vulnerable Software and Affected Versions: Grafana versions 9.5.0 through 9.5.17; Grafana versions 10.0.0 through 10.0.12; Grafana versions 10.1.0 through 10.1.8; Grafana versions 10.2.0 through 10.2.5; Grafana versions 10.3.0 through 10.3.4. Description: The issue is related to a Broken...
IceWarp WebClient Cross-Site Scripting Vulnerability
Icewarp IceWarp WebClient is a web-based mail service client from the Czech company Icewarp. A cross-site scripting vulnerability exists in IceWarp WebClient version 10.3.5, which originates from a cross-site scripting (XSS) vulnerability in the login page, allowing an attacker to execute arbitrary...
PT-2023-28775 · Icewarp · Icewarp Webclient
Name of the Vulnerable Software and Affected Versions: IceWarp WebClient version 10.3.5. Description: A Cross Site Scripting (XSS) issue in the Sign-In page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. This enables attackers to...
CVE-2022-1339
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data...
CVE-2022-1219
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data...