6.9
CVE-2026-5827 - code-projects Simple IT Discussion Forum question-function.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and…
5.3
CVE-2026-5826 - code-projects Simple IT Discussion Forum edit-category.php cross site scripting
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published a…
5.3
CVE-2026-5825 - code-projects Simple Laundry System delmemberinfo.php cross site scripting
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may …
6.1
CVE-2025-70797 - Cross-Site Scripting in LimeSurvey Box Parameters Allows Remote Code Execution
Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters.
6.1
CVE-2025-63238 -
A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user.
9.8
CVE-2026-31170 - Stun-pass Command Injection in ToToLink A3300R Firmware
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi.
9.1
CVE-2025-50228 - Server-Side Request Forgery in User Evaluation, Message, and Comment Modules of Jizhicms v2.5.4
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
5.4
CVE-2025-70365 - Stored XSS in Kiamo Admin Interfaces
A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected p…
8.8
CVE-2026-30478 - Dynamic-link Library Injection in GatewayGeo MapServer for Windows 5 Allows Privilege Escalation
A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable.
7.8
CVE-2026-29923 - Local Privilege Escalation via Unrestricted Physical Memory Mapping in EnTech Taiwan PowerStrip Dri…
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.