32 matches found

Vulnrichment
added 2026/03/27 5:41 p.m. | 3 views

CVE-2026-4966 itsourcecode Free Hotel Reservation System index.php sql injection

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

CVSS 6.5 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 5

NVD
added 2026/03/03 8:16 p.m. | 2 views

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

CVSS 5.4 | EPSS 0.00029
Exploits: 0 | References: 1

CISA KEV Catalog
added 2025/12/03 12:0 a.m. | 9 views

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

CVSS 8.8 | AI score 7.5 | EPSS 0.78433
In wild | Exploits: 8

NVD
added 2025/11/25 4:16 p.m. | 1 views

CVE-2025-64049

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

CVSS 4.8 | EPSS 0.00038
Exploits: 2 | References: 3

CVE
added 2025/11/25 12:0 a.m. | 6 views

CVE-2025-64049

CVE-2025-64049 describes a stored XSS in REDAXO CMS 5.20.0, specifically in the module management component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the Output code field in modules; the payload executes when a user views or edits an article that inclu...

CVSS 4.8 | AI score 5.3 | EPSS 0.00038
Exploits: 2 | References: 3 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-25338

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 4.8 | EPSS 0.0006
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25189

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 4.8 | EPSS 0.00053
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-25897

Malicious code in bioql PyPI...

CVSS 5.6 | AI score 6.6 | EPSS 0.00082
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/15 9:28 p.m. | 1 views

CVE-2025-43797

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

CVSS 5.3 | AI score 6.5 | EPSS 0.00087
Exploits: 0 | References: 1

CVE
added 2025/08/27 12:0 a.m. | 10 views

CVE-2025-50986

Diskover-web v2.3.0 Community Edition is affected by multiple stored XSS vulnerabilities in the administrative settings interface. The root cause is improper sanitization of user input in configuration fields (ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, ...

CVSS 5.6 | AI score 6.1 | EPSS 0.00082
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/08/22 3:35 p.m. | 4 views

CVE-2025-9233

A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file viewedit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVSS 5.4 | AI score 6.7 | EPSS 0.0006
Exploits: 1 | References: 1

OSV
added 2025/08/20 4:15 p.m. | 3 views

CVE-2025-9233

A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file viewedit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVSS 5.4 | AI score 5.5 | EPSS 0.0006
Exploits: 1 | References: 5

Vulnrichment
added 2025/08/20 3:32 p.m. | 3 views

CVE-2025-9233 Scada-LTS view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file viewedit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVSS 5.1 | AI score 6.6 | EPSS 0.0006
Exploits: 1 | References: 5

Cvelist
added 2025/08/20 3:32 p.m. | 9 views

CVE-2025-9233 Scada-LTS view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file viewedit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVSS 5.1 | EPSS 0.0006
Exploits: 1 | References: 5

CVE
added 2025/08/20 3:32 p.m. | 13 views

CVE-2025-9233

CVE-2025-9233 affects Scada-LTS up to version 2.7.8.1. The vulnerability is a stored/reflected cross-site scripting flaw in the view_edit.shtm file, triggered by manipulating the Name parameter in an unspecified function. Remote exploitation is possible, and public PoCs/exploit details have circ...

CVSS 5.4 | AI score 4 | EPSS 0.0006
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/08/20 12:0 a.m. | 2 views

Scada-LTS security vulnerability

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A security vulnerability exists in Scada-LTS version 2.7.8.1 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter Name in the file viewedit.shtm...

CVSS 5.4 | AI score 5.9 | EPSS 0.0006
Exploits: 1 | References: 6

Positive Technologies
added 2025/08/20 12:0 a.m. | 5 views

PT-2025-34077 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS versions through 2.7.8.1 Description: A security vulnerability has been detected in Scada-LTS. The manipulation of the argument Name in an unknown function of the file view edit.shtm leads to cross site scripting. Remote exploitatio...

CVSS 5.1 | AI score 3.6 | EPSS 0.0006
Exploits: 1 | References: 9

OSV
added 2025/08/19 4:15 p.m. | 2 views

CVE-2025-9145

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVSS 5.4 | AI score 5.7 | EPSS 0.00053
Exploits: 1 | References: 5

Vulnrichment
added 2025/08/19 3:32 p.m. | 2 views

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVSS 5.1 | AI score 6.5 | EPSS 0.00053
Exploits: 1 | References: 5

Cvelist
added 2025/08/19 3:32 p.m. | 8 views

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVSS 5.1 | EPSS 0.00053
Exploits: 1 | References: 5