CVE-2026-28390 affecting package edk2 for versions less than 20240524git3e722403cd16-16
CVE-2026-28390 affecting package edk2 for versions less than 20240524git3e722403cd16-16. A patched version of the package is available...
OmniPEMF NeoRhythm Access Control Error Vulnerability
OmniPEMF NeoRhythm is a wearable brain stimulation device developed by the American company OmniPEMF. Versions of OmniPEMF NeoRhythm dated before 20260308 contained a security vulnerability related to access control. This vulnerability stemmed from a lack of authentication in the BLE Bluetooth Lo...
CVE-2026-24729
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...
CVE-2025-2155
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...
CVE-2025-2154
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...
CVE-2025-6520 SQLi in Abis Technology's BAPSIS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...
CVE-2025-6520
CVE-2025-6520 concerns Abis Technology’s BAPSIS, where an improper neutralization of special elements leads to Blind SQL Injection in versions before 202510271606. Multiple sources describe exploitation potential to extract full database content via timing-based techniques, with a CVSS v3.1 base ...
EUVD-2025-37308
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...
CVE-2025-6919
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025...
QGIS QWC2 Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...
EUVD-2025-29717
Malicious code in bioql PyPI...
CVE-2025-55885
SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php...
CVE-2025-7744 SQLi in Dolusoft's Omaspot
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection. This issue affects Omaspot: before 12.09.2025...
Linux Distros Unpatched Vulnerability : CVE-2016-6742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute...
Linux Distros Unpatched Vulnerability : CVE-2016-3856
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other...
CVE-2025-6918
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025...
Yukseloglu Filter B2B Login Platform SQL Injection Vulnerability
Yukseloglu Filter B2B Login Platform is a B2B login platform from Yukseloglu Filter, Inc. A SQL injection vulnerability exists in Yukseloglu Filter B2B Login Platform versions prior to 16.01.2025, which stems from improper neutralization of special elements...
my-springsecurity-plus SQL Injection Vulnerability
my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by individual developer codermy. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in the file /api/role, where...
Azure C Shared Utility Security Vulnerability
Azure C Shared Utility is an open source C library for Microsoft Azure. It provides general-purpose functionality for basic tasks (e.g., strings, list operations, IO, etc.). A security vulnerability exists in versions of Azure C Shared Utility prior to 2023-12-01, which stems from a vulnerability...
Softomi Advanced C2C Marketplace Cross-Site Scripting Vulnerability
Softomi Advanced C2C Marketplace is a marketplace e-commerce software from Softomi. A cross-site scripting vulnerability exists in versions prior to Softomi Advanced C2C Marketplace 12122023, which stems from an input mismatch during web page generation, leading to cross-site scripting...