229 matches found
EUVD-2024-43953
Malicious code in bioql PyPI...
EUVD-2023-46985
Malicious code in bioql PyPI...
EUVD-2021-28958
Malicious code in bioql PyPI...
EUVD-2025-11385
Malicious code in bioql PyPI...
EUVD-2025-11413
Malicious code in bioql PyPI...
EUVD-2025-11440
Malicious code in bioql PyPI...
EUVD-2025-11446
Malicious code in bioql PyPI...
EUVD-2025-11451
Malicious code in bioql PyPI...
EUVD-2022-28901
Malicious code in bioql PyPI...
EUVD-2025-11389
Malicious code in bioql PyPI...
PT-2025-30238 · Digiwin · Sft
Name of the Vulnerable Software and Affected Versions: SFT affected versions not specified Description: The SFT developed by Digiwin is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially enabling them to read, modify, a...
PT-2025-29725 · Yaysmtp · Yaysmtp
Name of the Vulnerable Software and Affected Versions: YaySMTP versions n/a through 1.3 Description: YaySMTP is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This issue could allow for unauthorized database access or modification...
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
CVE-2023-33852
IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614...
CVE-2023-36934
In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission...
CVE-2012-1607
The Command Line Interface CLI script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...
CVE-2025-40621
CVE-2025-40621 affects TcMAN’s GIM v11. The vulnerability arises from an SQL injection in the User parameter of the ValidateUserAndGetData endpoint, allowing an unauthenticated attacker to obtain, update, and delete all information in the database. The issue is described with network-level access...
CVE-2025-27495
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-46274
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database...