13 matches found
CVE-2026-24662
Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...
CVE-2025-15207
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/viewproducts.php. The manipulation of the argument chkId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
EUVD-2001-0679
Malware in sbrugna...
EUVD-2022-47889
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2005-10004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell...
CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
The default error handling view script generated using Zend_Tool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. Zend_Tool_Project_Context_Zf_ViewScriptFile was patched such that the view script template now calls the...
USN-6720-1 cacti vulnerability
Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks...
CVE-2019-9926
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability...
TWiki View Script debugenableplugins Request Parameter Vulnerability
Added: 03/30/2015. CVE: CVE-2014-7236. BID: 70372. OSVDB: 112977. Background: TWiki is a web-based collaboration platform written in PERL. Problem: The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution: Upgrade to TWiki-6.0.1 or higher, or apply th...
CVE-2011-1838
Vulnerability summary: TWiki before 5.0.2 contains multiple XSS flaws in TemplateLogin.pm, exploitable via the origurl parameter in both the view and login scripts. The OpenVAS NASL entry and CVE records corroborate the vulnerable module and vector. Impact (as described): cross-site scripting cou...
CVE-2011-1838
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script...
CVE-2001-0693
CVE-2001-0693 affects WebTrends HTTP Server 3.1c and 3.5, where a remote attacker can view script source by requesting a filename followed by an encoded space (%20). The underlying issue is an information disclosure vulnerability in the server’s handling of URL paths. The CVSS vector indicates ne...