Lucene search

2754 matches found

RedhatCVE
added 2025/05/22 9:34 a.m. · 4 views

CVE-2015-10052

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named...

6.1 CVSS · 7 AI score · 0.00458 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 8:38 a.m. · 4 views

CVE-2014-125058

A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function searchfirstname of the file search.rb. The manipulation leads to sql injection. The patch is named d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix...

9.8 CVSS · 7.6 AI score · 0.00708 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 3:35 a.m. · 6 views

CVE-2018-25085

A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsivemenusadminformsubmit of the file responsivemenus.module of the component Configuration Setting Handler. The manipulation leads to cross site...

4.8 CVSS · 6.3 AI score · 0.00491 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 1:56 a.m. · 5 views

CVE-2017-20163

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...

9.8 CVSS · 7.7 AI score · 0.00613 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:40 a.m. · 11 views

CVE-2015-10117

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...

6.1 CVSS · 6.3 AI score · 0.00607 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:39 a.m. · 3 views

CVE-2015-10006

A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched...

6.1 CVSS · 6.3 AI score · 0.00523 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:30 a.m. · 4 views

CVE-2014-125031

A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is an unknown function of the file pages/loggedin.php. The manipulation of the argument statusentery leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch i...

6.1 CVSS · 6.4 AI score · 0.00511 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:26 a.m. · 4 views

CVE-2012-10005

A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site...

6.1 CVSS · 6.3 AI score · 0.00623 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2025/05/22 12:0 a.m. · 5 views

Oracle Linux 9 : expat (ELSA-2025-7444)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7444 advisory. - Fix CVE-2024-8176 - Fix CVE-2024-50602 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

7.5 CVSS · 6.8 AI score · 0.01569 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/05/20 12:0 a.m. · 3 views

PT-2025-22319 · Unknown · Moonlightl Hexo-Boot

Name of the Vulnerable Software and Affected Versions: moonlightL hexo-boot version 4.3.0 Description: A problematic issue has been discovered, affecting an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the Description argument leads to...

4.8 CVSS · 3.3 AI score · 0.0035 EPSS
Exploits 1 · References 8

Tenable Nessus
added 2025/05/20 12:0 a.m. · 13 views

Atlassian Confluence 7.19.x < 8.5.20 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 DoS (CONFSERVER-99540)

The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-99540 advisory. - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and pri...

7.5 CVSS · 6.5 AI score · 0.01966 EPSS
Exploits 1 · References 2

Patchstack
added 2025/05/19 12:10 a.m. · 4 views

WordPress Mobile Contact Bar plugin < 3.0.5 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Mobile Contact Bar versions 3.0.5...

4.8 CVSS · 6 AI score · 0.00266 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/05/19 12:0 a.m. · 2 views

PT-2025-21926 · Unknown · Phpgurukul Auto Taxi Stand Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Auto Taxi Stand Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Auto Taxi Stand Management System. The issue is related to an unknown function of the file...

9.8 CVSS · 7.4 AI score · 0.00478 EPSS
Exploits 1 · References 9

Patchstack
added 2025/05/18 11:12 p.m. · 4 views

WordPress tarteaucitron.js for WordPress plugin < 0.3.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin tarteaucitron.js for WordPress versions 0.3.0...

6.1 CVSS · 5.9 AI score · 0.00149 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/05/17 12:0 a.m. · 2 views

PT-2025-21774 · Sourcecodester · Sourcecodester Doctors Appointment System

Name of the Vulnerable Software and Affected Versions: SourceCodester Doctor's Appointment System version 1.0 Description: A critical issue affects the processing of the file /admin/delete-doctor.php, specifically the GET Parameter Handler component. The manipulation of the ID argument leads to S...

9.8 CVSS · 7.5 AI score · 0.00421 EPSS
Exploits 1 · References 13

Patchstack
added 2025/05/16 10:38 p.m. · 5 views

WordPress LogDash Activity Log plugin < 1.1.4 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Nicolas Surribas in WordPress Plugin LogDash Activity Log versions 1.1.4...

5.4 CVSS · 6.9 AI score · 0.00748 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/05/16 12:0 a.m. · 1 views

PT-2025-21642 · Seaweedfs · Seaweedfs

Name of the Vulnerable Software and Affected Versions: seaweedfs version 3.68 Description: A SQL injection issue was discovered in the component /abstract sql/abstract sql store.go. This issue affects seaweedfs and can be exploited via the vulnerable component. Recommendations: For seaweedfs...

6.5 CVSS · 6.9 AI score · 0.00222 EPSS
Exploits 1 · References 14

Positive Technologies
added 2025/05/16 12:0 a.m. · 5 views

PT-2025-21700 · Valvepress · Valvepress Rankie

Name of the Vulnerable Software and Affected Versions: ValvePress Rankie versions 1.8.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in ValvePress Rankie, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

8.8 CVSS · 5.3 AI score · 0.00286 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/05/16 12:0 a.m. · 2 views

PT-2025-21604 · Unknown · Campcodes Sales/Inventory System

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical vulnerability has been found in the Campcodes Sales and Inventory System. This issue affects the file /pages/purchase delete.php and is related to SQL injection. The...

9.8 CVSS · 7.6 AI score · 0.00421 EPSS
Exploits 1 · References 13

Positive Technologies
added 2025/05/16 12:0 a.m. · 3 views

PT-2025-21758 · Unknown · Phpgurukul Park Ticketing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0 Description: A critical issue affects the processing of the file /add-normal-ticket.php, where the manipulation of the noadult argument leads to SQL injection. The attack can be initiate...

8.8 CVSS · 6.9 AI score · 0.00488 EPSS
Exploits 1 · References 9