1. Description: SQL Injection (SQLi) in MuuCmf v1.9.5.20260309 allows an unauthenticated attacker to inject malicious SQL commands via the keyword parameter at the /index/Search/index.html endpoin...
1. Description: Mass Assignment in GouguCMS v4.08.18 allows an unauthenticated attacker to elevate privileges to VIP users by injecting the level parameter during the user registration process at ...
1. Description: Blind Cross-Site Scripting (Blind XSS) in GouguCMS v4.08.18 allows a low-privileged user to steal administrative session cookies or perform unauthorized administrative actions by i...
1. Description: Reflected Cross-Site Scripting (XSS) in MuuCmf T6 v1.9.5.20260309 allows a remote attacker to execute arbitrary JavaScript code in the context of the user’s browser session via the...
1. Description: Reflected Cross-Site Scripting (XSS) in MuuCmf T6 v1.9.5.20260309 allows a remote attacker to execute arbitrary JavaScript code in the context of the user’s browser session via the...
1. Description: Reflected Cross-Site Scripting (XSS) in MuuCmf T6 v1.9.5.20260309 allows a remote attacker to execute arbitrary JavaScript code in the context of the user’s browser session via the...
1. Description: Reflected Cross-Site Scripting (XSS) in MuuCmf T6 v1.9.5.20260309 allows a remote attacker to execute arbitrary JavaScript code in the context of the user’s browser session via the...
1. Overview I found the SQL Injection vulnerability in open source project in Gitee. I also try to contact with project owner but didn’t recieve any response :(((. And by the way, because I still n...
1. Overview I found multi Refected XSS in one open source project in Gitee and it can lead to steal admin cookie, run malicious script and perform malicious behavior. I tried to contact with projec...
1. Overview CVE-2025-14383: The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘dates_to_check’ parameter in all versions up to, and including, 10.14....