CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
REDCap versions 12.0.26 LTS and 12.3.2 Standard allow SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages, leading to an infinite loop and causing a denial of service.
A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0 in the Comment Box Handler functionality, allowing for cross-site scripting (XSS) attacks through manipulation of the comment argument. The attack may be launched remotely, but its exploitation is complex.
A vulnerability was found in phpscriptpoint Insurance 1.2, affecting an unknown functionality of the file /search.php. The manipulation leads to cross site scripting (XSS) attacks.
A vulnerability was found in phpscriptpoint Insurance 1.2, classified as problematic. It affects an unknown function of the file /page.php, leading to cross site scripting attacks.
A vulnerability has been found in phpscriptpoint Car Listing version 1.6, affecting unknown code in the /search.php file. Manipulation of the argument country/state/city leads to cross site scripting.
A vulnerability classified as problematic was found in phpscriptpoint Ecommerce version 1.15. Manipulation of the 'id' argument in the /product.php file leads to cross site scripting.
A vulnerability has been identified in phpscriptpoint Ecommerce version 1.15 that allows cross site scripting (XSS) attacks through manipulation of the 'slug' argument in the /blog-single.php file.
A vulnerability was found in phpscriptpoint JobSeeker 1.5 that allows cross site scripting (XSS) attacks through manipulation of arguments in the /search-result.php file. The attack can be launched remotely.
A vulnerability was found in phpscriptpoint BloodBank 1.1, rated as problematic. This issue affects some unknown processing of the file page.php, leading to cross site scripting attacks.
A vulnerability classified as problematic was found in mooSocial mooDating version 1.2. It affects an unknown function of the file /find-a-match of the URL Handler component, leading to cross site scripting attacks.
A vulnerability has been identified in mooSocial mooDating version 1.2 that leads to cross site scripting (XSS) attacks through manipulation of the /users/view file in the URL Handler component. The attack can be initiated remotely.
A vulnerability was found in mooSocial mooDating version 1.2 that allows cross site scripting (XSS) attacks through manipulation of code in the /users file of the URL Handler component. The attack can be initiated remotely.
A vulnerability has been found in mooSocial mooDating version 1.2 that leads to cross site scripting (XSS) attacks. The issue affects an unknown part of the file /pages of the URL Handler component, allowing for remote exploitation.
A vulnerability was found in mooSocial mooDating 1.2, rated as problematic. It affects some unknown functionality of the file /friends/ajax_invite of the component URL Handler, leading to cross site scripting attacks.
A vulnerability was found in mooSocial mooDating 1.2 related to an unknown functionality of the file /friends in the URL Handler component. Manipulation of this functionality leads to cross-site scripting (XSS) attacks.
A vulnerability was found in mooSocial mooDating 1.2, classified as problematic. It affects an unknown function of the file /matchmakings/question of the URL Handler component, leading to cross site scripting attacks.
A vulnerability was found in NxFilter 4.3.2.5 that allows cross site scripting attacks through manipulation of the 'user' argument in the /report,daily.jsp file. The attack can be initiated remotely.
A vulnerability was found in DedeBIZ 6.2.10 that allows cross site scripting through manipulation of the file /admin/vote_edit.php. The attack can be launched remotely.
A vulnerability has been found in DedeBIZ 6.2.10 that allows cross site scripting through manipulation of an unknown function in the file /admin/sys_sql_query.php. The attack can be launched remotely.

