PT-2025-47176
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 4.0.14. Description: phpMyFAQ is an open source FAQ web application. A privileged user with 'Configuration Edit' permissions can execute arbitrary SQL commands due to an authenticated SQL injection flaw in the main...
CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL injection inside the appMetadata operation of the GraphQL API. This allows extraction of arbitrary data from the...
Vulnerabilities fixed in Zohocorp's ManageEngine
Zohocorp has fixed vulnerabilities in ManageEngine, specifically in ADManager Plus, EndPoint Central and Analytics Plus. The vulnerabilities include an authenticated command injection in ADManager Plus, XML injections in EndPoint Central, and an authenticated SQL injection in Analytics Plus. Thes...
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role, such as an administrator, can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a...
CVE-2025-9428
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL injection via the key update API...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
PT-2025-42185
Name of the Vulnerable Software and Affected Versions: FreePBX Endpoint Manager versions prior to 16.0.92; FreePBX Endpoint Manager versions prior to 17.0.6. Description: The FreePBX Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2022-29504
Malicious code in bioql PyPI...
EUVD-2023-48819
Malicious code in bioql PyPI...
EUVD-2023-44607
Malicious code in bioql PyPI...
EUVD-2023-49439
Malicious code in bioql PyPI...
EUVD-2023-48817
Malicious code in bioql PyPI...
EUVD-2023-49440
Malicious code in bioql PyPI...
Summer Employee Portal SQL Injection
Summer Employee Portal versions prior to 3.98.0 suffer from an authenticated remote SQL injection vulnerability. Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677 Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author:...
CVE-2025-30059 Authenticated SQL injection in PrepareCDExportJSON.pl
In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection...
CVE-2025-54788
CVE-2025-54788 corresponds to a SQL injection in the SuiteCRM InboundEmail module. The issue allows arbitrary backend SQL queries, impacting confidentiality, integrity, and availability by enabling data retrieval, modification, or deletion. Affected: SuiteCRM (InboundEmail module) in versions pri...
CVE-2025-24290
Multiple Authenticated SQL Injection vulnerabilities found in UISP Application Version 2.4.206 and earlier could allow a malicious actor with low privileges to escalate privileges...
Ubiquiti UISP Application Security Vulnerability
Ubiquiti UISP Application is an application used by Ubiquiti USA to manage and configure its network devices. A security vulnerability exists in Ubiquiti UISP Application version 2.4.206 and earlier, which stems from the presence of multiple authenticated SQL injection vulnerabilities that could...
CVE-2025-41444
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module...
CVE-2025-27709
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports...