7055 matches found
Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_disconnect OS command injection vulnerability
Talos Vulnerability Report TALOS-2025-2307 Tp-Link Archer AX53 v1.0 Openvpn configuration restore clientdisconnect OS command injection vulnerability May 7, 2026 CVE Number CVE-2026-30815 SUMMARY An os command injection vulnerability exists in the Openvpn configuration restore clientdisconnect...
CodeAstro Membership Management System 代码问题漏洞
The CodeAstro Membership Management System is a member management system developed by CodeAstro Inc. Version 1.0 of the CODEASTRO Membership Management System has code-related vulnerabilities. These vulnerabilities stem from the file upload functionality in the /addmembers.php file. Improper...
WordPress Blog Settings plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Blog Settings versions = 1.0...
WordPress Zingaya Click-to-Call plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Zingaya Click-to-Call versions = 1.0...
EUVD-2026-27209
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704
CVE-2026-6704 affects the WordPress WordPress Blog Settings plugin. It is vulnerable to a reflected Cross-Site Scripting attack via the 'page' parameter in all versions up to 1.0 due to insufficient input sanitization and output escaping. The weakness allows unauthenticated attackers to craft a l...
CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
itsourcecode Courier Management System 注入漏洞
itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to parameter handling in the file/printpdets.php, which may lead to SQL injection attacks...
WordPress plugin Zingaya Click-to-Call 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-36957
Name of the Vulnerable Software and Affected Versions Zingaya Click-to-Call versions prior to 1.1 Description Insufficient input sanitization and output escaping in the sign-up admin page allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the 'email', 'first name',...
CVE
CVE-PENDING: Bdtask Multi-Store Inventory Management System 1...
CVE-2026-7746
A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /productexpiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is...
CVE-2026-7732
CVE-2026-7732 affects code-projects BloodBank Managing System 1.0. The vulnerable element is an unknown function in request_blood.php, allowing an unrestricted upload. The attack can be executed remotely and the exploit is public. No remediation details are provided in the supplied documents.
CodeAstro Online Classroom 注入漏洞
CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/studentdetails that allows for SQL injection attacks wh...
CodeAstro Online Classroom 注入漏洞
CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from unknown functions in the file/OnlineClassroom/addnewstudent that manipulate the parameter fname, allowi...
CVE-2026-7670
Jinher OA 1.0 is affected by CVE-2026-7670 due to a SQL injection in the unknown function of /C6/JHSoft.Web.PlanSummarize/UserSel.aspx via the DeptIDList argument. Exploit maturity is shown as PROOF-OF-CONCEPT, and exploitation is possible remotely with no user interaction. The vulnerability has ...
CVE-2026-7612 itsourcecode Courier Management System edit_user.php sql injection
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may ...
itsourcecode Courier Management System 注入漏洞
itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the /edituser.php file when...
CVE-2026-43505
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...