26 matches found

Packet Storm
added 2026/04/13 12:0 a.m., 61 views

📄 FacturaScripts SQL Injection

FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the Autocomplete Actions functionality. CVE-2026-25514: FacturaScripts has SQL Injection in Autocomplete Actions Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25514 | | Severity | HIGH | |...

CVSS 8.8, AI score 6.2, EPSS 0.00025
Exploits 3

RedhatCVE
added 2026/02/06 1:25 a.m., 2 views

CVE-2026-25514

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

CVSS 8.8, AI score 5.5, EPSS 0.00025
Exploits 3, References 1

NVD
added 2026/02/04 8:16 p.m., 3 views

CVE-2026-25514

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

CVSS 8.8, EPSS 0.00025
Exploits 3, References 2

OSV
added 2026/02/04 7:59 p.m., 1 view

CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

CVSS 8.7, AI score 5.6, EPSS 0.00025
Exploits 3, References 4

Github Security Blog
added 2026/02/03 6:17 p.m., 5 views

FacturaScripts has SQL Injection in Autocomplete Actions

Summary: FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...

CVSS 8.8, AI score 6.1, EPSS 0.00025
Exploits 3, References 4, Affected Software 1

Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-5901

Name of the Vulnerable Software and Affected Versions: HCL AION version 2.0. Description: HCL AION is susceptible to an issue where the autocomplete attribute is not disabled for password fields. This can allow the autocomplete function to store or reveal sensitive credentials, potentially leading t...

CVSS 6.5, AI score 5.4, EPSS 0.00055
Exploits 0, References 3

Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-6462

Summary: FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...

CVSS 8.7, AI score 6.2, EPSS 0.00025
Exploits 3, References 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-4657

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.0109
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-15575

Malware in sbrugna...

CVSS 5.4, AI score 5.3, EPSS 0.00543
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2009-5055

Malware in sbrugna...

CVSS 2.1, AI score 6.4, EPSS 0.00083
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2012-2018

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.04477
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-41623

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00226
Exploits 0, References 1

RedhatCVE
added 2025/05/23 1:49 a.m., 3 views

CVE-2023-5485

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, AI score 5.9, EPSS 0.00054
Exploits 0, References 1

RedhatCVE
added 2025/05/22 1:31 p.m., 6 views

CVE-2014-8524

McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5, AI score 6.8, EPSS 0.00403
Exploits 0, References 1

Vulnrichment
added 2025/02/27 12:34 p.m., 9 views

CVE-2025-1691 MongoDB Shell may be susceptible to Control Character Injection via autocomplete

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...

CVSS 7.6, AI score 7.6, EPSS 0.00393
Exploits 0, References 1

MongoDB
added 2025/02/27 12:31 p.m., 17 views

MongoDB Shell may be susceptible to Control Character Injection via autocomplete

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...

CVSS 7.6, AI score 7.1, EPSS 0.00393
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2024/03/29 12:0 a.m., 4 views

PT-2024-23624 · Easycorp · Easyadmin

Name of the Vulnerable Software and Affected Versions: EasyCorp EasyAdmin versions up to 4.8.9 Description: A vulnerability was found in the Autocomplete function of the file assets/js/autocomplete.js, which can lead to cross-site scripting. The manipulation of the item argument is the cause of...

CVSS 5.4, AI score 4.2, EPSS 0.00134
Exploits 0, References 11

CNNVD
added 2022/10/17 12:0 a.m., 1 view

hunter2 security vulnerability

hunter2 is an open-source platform for creating and running online or event-based puzzle hunts. A security vulnerability exists in hunter2 versions prior to 2.1.0 that stems from improper handling of auto-complete input and allows an authenticated attacker to extract the email addresses of...

CVSS 6.5, AI score 6.5, EPSS 0.00122
Exploits 0, References 3

Prion
added 2021/07/14 2:15 p.m., 10 views

Design/Logic Flaw

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions...

CVSS 5, AI score 7.7, EPSS 0.00276
Exploits 0, References 1, Affected Software 1

OSV
added 2021/06/01 2:15 p.m., 1 view

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129...

CVSS 7.5, AI score 7.3
Exploits 0, References 3