13 matches found
EUVD-2025-35320
The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.12 due to insufficient escaping on the user supplied parameter and...
EUVD-2019-8678
Malware in sbrugna...
EUVD-2019-1979
Malware in sbrugna...
CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
UBUNTU-CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...
PT-2020-15862 · Synology · Music Station
Name of the Vulnerable Software and Affected Versions: Music Station versions prior to 5.3.12; Music Station versions prior to 5.3.13. Description: This issue allows remote attackers to inject malicious code through a cross-site scripting vulnerability in Music Station. Recommendations: For Music...
Linux Kernel Information Disclosure and Denial of Service Vulnerabilities
Description: Linux Kernel is prone to an information-disclosure vulnerability and a denial-of-service vulnerability. Successfully exploiting these issues may allow an attacker to gain access to sensitive information or cause denial of service conditions. Linux kernel versions through 5.3.12 are...
ILIAS < 5.2.21, 5.3.x < 5.3.12 XSS Vulnerability
ILIAS is prone to a cross-site scripting (XSS) vulnerability.
ILIAS Cross-Site Scripting Vulnerability (CNVD-2019-24000)
Ilias is an open source learning management system. A cross-site scripting vulnerability exists in Assessment/TestQuestionPool in Ilias version 5.3 before 5.3.12 and version 5.2 before 5.2.21. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An...
CVE-2017-1000431
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials...
SQL Injection Vulnerability in MetInfo V5.3.12
MetInfo is an enterprise website management system built on a PHP and MySQL architecture. MetInfo V5.3.12 suffers from a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information...
PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
www.bugreport.ir. Title: PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version. Vendor: http://www.php.net. Vulnerable Version: PHP up to version 5.3.12 and 5.4.2. Exploitation: Remote. Original Advisory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ Original Exploit URL:...