CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability has been found in Bug Finder MineStack 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'message' argument in the /user/ticket/create file of the Ticket Handler component.
A vulnerability was found in Bug Finder EX-RATE 1.0, rated as problematic. It affects some unknown functionality of the file /user/ticket/create of the Ticket Handler component, where manipulation of the argument message leads to cross site scripting.
A vulnerability was found in Bug Finder Montage 1.0, affecting an unknown functionality of the file /user/ticket/create in the Ticket Handler component. Manipulation of the argument message leads to cross site scripting.
A vulnerability was found in Bug Finder Wedding Wonders 1.0, classified as problematic. It affects an unknown function of the file /user/ticket/create of the component Ticket Handler, where manipulation of the argument message leads to cross site scripting.
A vulnerability was found in Bug Finder Finounce 1.0 affecting unknown processing of the file /user/ticket/create in the Ticket Handler component. Manipulation of the argument message leads to cross site scripting.
A vulnerability was found in Bug Finder SASS BILLER 1.0, rated as problematic. This issue affects some unknown processing of the file /company/store, leading to cross-site scripting attacks.
A vulnerability was found in Bug Finder ICOGenie 1.0 affecting unknown code in the /user/ticket/create file of the Support Ticket Handler component. Manipulation of the message argument leads to cross site scripting.
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0, classified as problematic. It affects an unknown part of the file /listplace/user/coverPhotoUpdate of the Photo Handler component, where manipulation of the argument user_cover_photo leads to cross site scripting.
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0, affecting some unknown functionality of the file /listplace/user/ticket/create in the HTTP POST Request Handler component. Manipulation of the argument message leads to cross-site scripting.
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server.
A missing allocation check in the SFTP server processing read requests may lead to a NULL dereference under low memory conditions. A malicious client can request up to 4GB SFTP reads, potentially causing allocation of up to 4GB buffers without error checking.
A vulnerability has been found in y_project RuoYi up to version 4.7.7, affecting the uploadFilesPath function of the File Upload component. Manipulation of the originalFilenames argument leads to cross site scripting.
A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 affecting an unknown part of the file /Service/ImageStationDataService.asmx. Manipulation of this part leads to insufficiently random values.
A vulnerability was found in EasyAdmin8 version 2.0.2.2 that allows unrestricted file uploads. The issue affects an unknown function in the file /admin/index/index.html#/admin/mall.goods/index.html of the File Upload Module.
A vulnerability has been found in the ChainCity Real Estate investment platform version 1.0 that allows cross site scripting attacks through manipulation of the 'subject' argument in the file /chaincity/user/ticket/create. The attack can be executed remotely.
A vulnerability has been found in Boom CMS version 8.0.7 affecting the add function of the assets-manager component. Manipulation of the title/description arguments leads to cross site scripting attacks.
A vulnerability was found in PaulPrinting CMS 2018 that allows cross site scripting (XSS) attacks by manipulating the argument 's' in the /account/delivery file of the Search component. The attack can be executed remotely.
A vulnerability has been found in ActiveITzone Active Super Shop CMS 2.5 that allows cross site scripting (XSS) attacks through manipulation of the arguments name, phone, and address on the Manage Details Page. The attack can be initiated remotely.
A vulnerability was found in Codecanyon Tiva Events Calender 1.4 that allows cross site scripting attacks through manipulation of the argument name. The attack can be initiated remotely.
A vulnerability was found in PaulPrinting CMS 2018, rated as problematic. Manipulation of the arguments firstname/lastname/address/city/state leads to cross-site scripting attacks.

