5.1

CVSS4.0

CVE-2025-14837 - ZZCMS Backend Website Settings siteconfig.php stripfxg code injection

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been …

📅 Published: Dec. 17, 2025, 11:32 p.m. 🔄 Last Modified: Dec. 17, 2025, 11:32 p.m.

9.1

CVSS3.1

CVE-2025-68435 - Zerobyte has Authentication Bypass by Primary Weakness

Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This i…

📅 Published: Dec. 17, 2025, 11:10 p.m. 🔄 Last Modified: Dec. 17, 2025, 11:10 p.m.

5.1

CVSS4.0

CVE-2025-14836 - ZZCMS User Data Storage user_save.php cleartext storage in a file or on disk

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has b…

📅 Published: Dec. 17, 2025, 11:02 p.m. 🔄 Last Modified: Dec. 17, 2025, 11:02 p.m.

5.3

CVSS4.0

CVE-2025-14834 - code-projects Simple Stock System checkuser.php sql injection

A weakness has been identified in code-projects Simple Stock System 1.0. This affects an unknown function of the file /checkuser.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and…

📅 Published: Dec. 17, 2025, 11:02 p.m. 🔄 Last Modified: Dec. 17, 2025, 11:02 p.m.

7.8

CVSS3.1

CVE-2025-68433 - Zed IDE MCP Context Server Configuration Arbitrary Code Execution

Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory. A malicious MCP configuration can contain arbitrary shell c…

📅 Published: Dec. 17, 2025, 10:47 p.m. 🔄 Last Modified: Dec. 17, 2025, 10:47 p.m.

8.7

CVSS4.0

CVE-2023-53917 - Affiliate Me 5.0.1 SQL Injection Vulnerability via Admin Panel

Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames an…

📅 Published: Dec. 17, 2025, 10:46 p.m. 🔄 Last Modified: Dec. 17, 2025, 10:46 p.m.

7.8

CVSS3.1

CVE-2025-68432 - Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory. A malicious LSP configuration can contain arbitrary shell…

📅 Published: Dec. 17, 2025, 10:45 p.m. 🔄 Last Modified: Dec. 17, 2025, 10:45 p.m.

8.7

CVSS4.0

CVE-2023-53933 - Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.

📅 Published: Dec. 17, 2025, 10:44 p.m. 🔄 Last Modified: Dec. 17, 2025, 10:44 p.m.

5.1

CVSS4.0

CVE-2023-53932 - Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.

📅 Published: Dec. 17, 2025, 10:44 p.m. 🔄 Last Modified: Dec. 17, 2025, 10:44 p.m.

5.1

CVSS4.0

CVE-2023-53931 - Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arb…

📅 Published: Dec. 17, 2025, 10:44 p.m. 🔄 Last Modified: Dec. 17, 2025, 10:44 p.m.
Total results: 323357