61 matches found
EUVD-2026-9395
The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...
WordPress External Login plugin SQL Injection Vulnerability
The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. WordPress External Login plugin is prone to SQL injection vulnerability, which is caused by...
EUVD-2012-4481
Malware in sbrugna...
EUVD-2002-0582
Malware in sbrugna...
EUVD-2022-6665
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-24272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongo...
CVE-2012-4553
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...
WordPress External Database Based Actions plugin <= 0.1 - Authenticated (Subscriber+) Authentication Bypass vulnerability
Authenticated Subscriber+ Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin External Database Based Actions versions <= 0.1...
CVE-2024-10311
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edbaadminhandle' function. This makes it possible for authenticated attackers, with subscriber-level permissions...
CVE-2024-10311
CVE-2024-10311 : The External Database Based Actions WordPress plugin (versions
PT-2024-16178 · WordPress · External Database Based Actions
Name of the Vulnerable Software and Affected Versions: External Database Based Actions plugin for WordPress version 0.1 and earlier Description: The issue is due to a missing capability check in the edba admin handle function, allowing authenticated attackers with subscriber-level permissions and...
WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation
Software: External Database Based Actions; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-10311; Patch priority: High; CVSS severity: High 7.5; PSID: cd4901766574...
BIT-MOODLE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability...
BIT-MONGODB-2022-24272 MongoDB Server (mongod) may crash in response to unexpected requests
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
ScienceLogic SL1 SQL Injection Vulnerability
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
MAL-2023-933 Malicious code in velo-external-database-adapter (npm)
Source: ghsa-malware b9c7e720483399030f4aa6ca225732c8aab633f862302071086c02e3d990993a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-1582 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.0 Description: The issue is related to a Path Traversal vulnerability in the setup.php file of OpenEMR. This vulnerability allows remote unauthenticated users to read arbitrary files by controlling a connection t...
AVEVA Edge Security Vulnerability
AVEVA Edge is a highly scalable and flexible HMI/SCADA software from the UK-based Jianwei Software AVEVA. An information disclosure vulnerability exists in AVEVA Edge version 2020 R2, which can be exploited by an attacker to obtain account information for accessing external DB resource...
PT-2022-5829 · Aveva · Aveva Edge
Name of the Vulnerable Software and Affected Versions: AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior Description: The issue is related to a path traversal vulnerability that allows an unauthenticated user to steal the Windows access token of the user account configured for...