333 matches found

Vulnrichment
added 2026/02/20 12:0 a.m. · 1 view

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

AI score: 5.9 · EPSS: 0.00107
Exploits: 1 · References: 1

Positive Technologies
added 2026/02/20 12:0 a.m. · 1 view

PT-2026-21010

Name of the Vulnerable Software and Affected Versions: Master Addons For Elementor plugin for WordPress versions 2.1.1 and earlier Description: The software is susceptible to a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping. This allows authenticated...

CVSS: 6.4 · AI score: 5.3 · EPSS: 0.00043
Exploits: 0 · References: 6

Packet Storm
added 2026/02/02 12:0 a.m. · 111 views

WP-Polls 2.73 Cross Site Scripting

A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...

CVSS: 6.1 · AI score: 4.9 · EPSS: 0.0019
Exploits: 1

RedhatCVE
added 2026/01/09 9:53 a.m. · 6 views

CVE-2020-10668

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00496
Exploits: 2 · References: 1

Patchstack
added 2025/12/11 10:3 p.m. · 2 views

WordPress WatchTowerHQ plugin <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability

Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin WatchTowerHQ versions <= 3.15.0...

CVSS: 4.9 · AI score: 6.8 · EPSS: 0.00167
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2007-3970

Malware in sbrugna...

CVSS: 5 · AI score: 6.4 · EPSS: 0.00833
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-42491

Malicious code in bioql PyPI...

CVSS: 8.6 · AI score: 7.6 · EPSS: 0.00325
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-55060

Malicious code in bioql PyPI...

CVSS: 7.2 · AI score: 6.6 · EPSS: 0.101
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-28260

Malicious code in bioql PyPI...

CVSS: 7.2 · AI score: 7.1 · EPSS: 0.00167
Exploits: 0 · References: 1

CVE
added 2025/09/29 12:0 a.m. · 10 views

CVE-2025-57483

CVE-2025-57483 affects the tawk.to chatbox widget v4. It describes a reflected XSS due to unvalidated input in a vulnerable parameter, allowing arbitrary JavaScript execution in the user’s browser. Multiple connected sources corroborate the basic vulnerability and impacted component. There is no ...

CVSS: 8.1 · AI score: 5.6 · EPSS: 0.00031
Exploits: 0 · References: 2

RedhatCVE
added 2025/09/24 6:31 p.m. · 1 view

CVE-2025-10809

A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the argument d leads to sql injection. The attack can be executed remotely. The exploit has been...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.00065
Exploits: 1 · References: 1

CVE
added 2025/09/06 3:22 a.m. · 15 views

CVE-2025-9126

CVE-2025-9126 concerns the WordPress plugin Smart Table Builder. Multiple sources confirm a Stored Cross-Site Scripting (XSS) flaw via the id parameter in versions up to 1.0.1, exploitable by authenticated users with Contributor-level access or higher. The underlying issue is insufficient input s...

CVSS: 6.4 · AI score: 4.7 · EPSS: 0.00074
Exploits: 0 · References: 5

Cvelist
added 2025/08/28 12:0 a.m. · 4 views

CVE-2025-51969

A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the productid GET parameter, which is not properly validated before being included in a SQL statement...

EPSS: 0.00066
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 8:33 a.m. · 2 views

CVE-2024-50584

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...

CVSS: 4.4 · AI score: 7.8 · EPSS: 0.00074
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:30 p.m. · 2 views

CVE-2020-6210

SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting XSS vulnerability...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00421
Exploits: 0 · References: 1

OSV
added 2025/04/29 2:37 p.m. · 7 views

GHSA-CG4F-CQ8H-3CH8 Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting

Summary Vulnerable Version: Yeswiki alert1 Details Reflected Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in...

CVSS: 3.8 · AI score: 4.9 · EPSS: 0.00196
Exploits: 1 · References: 4

Packet Storm
added 2025/03/03 12:0 a.m. · 227 views

Crest Engine CMS 1.0 Cross Site Scripting

Crest Engine CMS version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: Crest Engine CMS - Reflected Cross-Site Scripting XSS Exploit Author: wa-3, Telegram: @wa03 Vendor Homepage: http://e-gate.me/ Version: 1.0 Tested on: http://demo.e-gate.me/ Vulnerable path:/crest/engin...

AI score: 6.6
Exploits: 0

RedhatCVE
added 2025/02/17 10:15 a.m. · 7 views

CVE-2024-12562

The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.0096
Exploits: 0 · References: 1

OSV
added 2025/01/03 11:15 p.m. · 2 views

CVE-2025-0199

A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0. Affected is an unknown function of the file /user/minuscart.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

CVSS: 6.5 · AI score: 5.7
Exploits: 0 · References: 5

Positive Technologies
added 2024/12/05 12:0 a.m. · 1 view

PT-2024-17479 · Unknown · 1000 Projects Library Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Library Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Library Management System. It affects an unknown functionality of the file /brains/stu.php. The manipulation of the useri...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.00097
Exploits: 1 · References: 10