45 matches found
CVE-2025-67731
Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...
CVE-2025-67731 Servify Express does not enforce rate limiting when parsing JSON
Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...
EUVD-2024-31962
Malicious code in bioql PyPI...
CVE-2025-4688
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection. This issue affects SINAV.LINK Exam Result Module: before 1.2...
PT-2025-38255
Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions prior to 1.2 Description: The Scratch Channel is a news website where a user with fork privileges can modify administrators and create articles via a POST request to the API. Recommendations: Update to version 1.2...
CVE-2025-4688
CVE-2025-4688 describes an SQL injection in BGS Interactive SINAV.LINK Exam Result Module (versions before 1.2). The vulnerability stems from improper neutralization of special elements in SQL commands, enabling unauthorized database access with high impact (CVE score: CVSSv3.1 9.8, network attac...
CVE-2025-4688 SQLi in BGS Interactive's SINAV.LINK Exam Result Module
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection. This issue affects SINAV.LINK Exam Result Module: before 1.2...
PT-2025-37913
Name of the Vulnerable Software and Affected Versions: SINAV.LINK Exam Result Module versions prior to 1.2 Description: An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability exists in the SINAV.LINK Exam Result Module. This issue allows for SQL...
BGS Interactive SINAV.LINK Exam Result Module SQL injection vulnerability
BGS Interactive SINAV.LINK Exam Result Module is a system component of BGS Interactive that manages exam results. A SQL injection vulnerability exists in BGS Interactive SINAV.LINK Exam Result Module versions prior to 1.2, which stems from improper neutralization of a special element and could le...
CVE-2014-125127
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...
CVE-2024-3373
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RSM Design Website Template allows SQL Injection. This issue affects Website Template: before 1.2...
CVE-2024-9478
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2...
WordPress plugin CoSchool LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-35308 · Leadboxer · Leadboxer
Name of the Vulnerable Software and Affected Versions: LeadBoxer versions prior to 1.2 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This problem affects LeadBoxer, enabling...
upKeeper security vulnerability
upKeeper is a cloud-based or local solution from upKeeper Inc. A security vulnerability exists in upKeeper versions prior to 1.2, which stems from the presence of an incorrect privilege management vulnerability that allows privilege escalation...
PT-2024-39582 · WordPress · Embed Videos/Respect Privacy
Name of the Vulnerable Software and Affected Versions: Embed videos and respect privacy plugin for WordPress versions prior to 1.2 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages due to insufficient input sanitization and output escaping via the v...
CVE-2024-35207
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform...
CVE-2024-35208
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server stored the password in cleartext. This could allow an attacker in a privileged position to obtain access passwords...