Tagged "advisories"

Serendipity 1.6.2 - Cross-site Scripting
glFusion 1.3.0 - Blind SQL Injection
Openbiz Cubi - Multiple XSS
Openbiz Cubi - Multiple SQL Injection
The Bug Genie 3.2.7.1 - Cross-site Scripting
TWiki 6.0.1 - XSS (WebSearch)
TWiki 6.0.1 - XSS (QUERYSTRING)
Subrion CMS 3.2.2 - Cross-site Scripting
e107 2.0 - XSS + SQL Injection
OsClass 3.4.1 - Local File Inclusion (LFI)
Flat Nuke 3.1.2 - Cross-site Scripting
Pragyan CMS 3.0 - Blind SQL Injection
FlatPress 1.0.2 - Cross-site Scripting
Booked Scheduler 2.5.15 - CSRF
TestLink 1.9.13 - Cross-site Scripting
phpMemAdmin - Cross-site Scripting
phpMoAdmin - Cross-site Scripting
TestLink 1.9.13 - SQL Injection
Google Analyticator (WP Plugin) - Multiple XSS
WordPress Twenty Fifteen Theme - DOM XSS
miniBB 3.1 - Cross-site Scripting
Concrete5 5.7.3.1 - Multiple XSS
Blubrry PowerPress 6.0 (WP Plugin) - XSS
WP Flash Player 1.3 - Multiple Cross-site Scripting
Storytlr 1.2.0 - Multiple Reflected XSS
MailPoet Newsletters 2.6.19 - Cross-site Scripting
BulletProof Security 0.53.3 - Multiple Cross-site Scripting
Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting
WP-Polls 2.73 - Reflected Cross-site Scripting
Cockpit CMS 0.13.0 - Remote Code Execution
Cockpit CMS 0.13.0 - Multiple Reflected XSS
Yii Framework 2.0.9 - Reflected XSS
SpiderFoot 2.7.1 - Multiple Reflected XSS
MyLittleForum 2.3.5 - Multiple Reflected XSS
HTMLy - Cross-site Scripting
SOPlanning 1.41 - SQL Injection
Eventum 3.3.4 - Open Redirection
Microweber 1.0.8 - Reflected XSS
FreshRSS 1.11.1 - Multiple XSS
Plikli CMS 4.0.0 - Blind SQL Injection
Plikli CMS 4.0.0 - Cross-site Scripting
ElkArte 1.1.0 - Cross-site Scripting
OrangeForum 1.4.0 - Open Redirection
ImpressCMS 1.3.10 - Reflected and Stored XSS
TikiWiki 17.1 - Cross-site Scripting
Gibbon v14.0.01 - Frame Injection Vulnerabilities
IlchCMS 2.1.37 - Cross-site Scripting
Geeklog 2.2.1 - Blind SQL Injection
Geeklog 2.2.1 - Cross-site Scripting
Mailpit - Server-Side Request Forgery (SSRF)
Mailpit - Cross-Site WebSocket Hijacking (CSWSH)
feedyour.email - SQL Injection via Search Parameter

See all tags.

Recent Advisories

RO-26-003 (CVE-2025-XXXX (Pending)) feedyour.email - SQL Injection via Search Parameter
RO-26-002 (CVE-2026-22689) Mailpit - Cross-Site WebSocket Hijacking (CSWSH)
RO-26-001 (CVE-2026-21859) Mailpit - Server-Side Request Forgery (SSRF)
RO-20-001 Geeklog 2.2.1 - Cross-site Scripting
RO-20-002 Geeklog 2.2.1 - Blind SQL Injection