7.8
CVE-2025-68433 - Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the `settings.json` file located within a projectβs `.zed` subdirectory. A malicious MCP configuration can contain arbitrary shell cβ¦
8.7
CVE-2023-53917 - Affiliate Me 5.0.1 SQL Injection Vulnerability via Admin Panel
Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames anβ¦
7.8
CVE-2025-68432 - Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from the `settings.json` file located within a projectβs `.zed` subdirectory. A malicious LSP configuration can contain arbitrary shellβ¦
8.7
CVE-2023-53933 - Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.
5.1
CVE-2023-53932 - Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.
5.1
CVE-2023-53931 - Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbβ¦
7.1
CVE-2023-53930 - ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.php.
6.2
CVE-2023-53929 - phpMyFAQ 3.1.12 CSV Injection via User Profile Export
phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.
5.1
CVE-2023-53928 - PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload
PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session iβ¦
5.1
CVE-2023-53927 - PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation
PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, poβ¦