CVE-2019-25497
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection...
CVE-2019-25496
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection...
PT-2026-22365
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injectio...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in...
CVE-2019-25431
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2026-23230
In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races. is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfiel...
CVE-2026-23230 smb: client: split cached_fid bitfields to avoid shared-byte RMW races
In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races. is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfiel...
CVE-2026-2247
SQL injection (SQLi) vulnerability in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...
RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit
This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications, specifically the RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...
PT-2026-8402
SQL injection (SQLi) vulnerability in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...
CVE-2019-25348
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2019-25348
Technical details beyond what is provided are not available in the supplied documents. No information about affected versions beyond 19.0.0, reachable vectors, or fixes is included here. Monitor for updates.
CVE-2026-1850
CVE-2026-1850: Complex queries can cause excessive memory usage in the MongoDB Query Planner, leading to an Out-Of-Memory crash. Affected component: MongoDB Query Planner. Root cause: excessive memory consumption from complex queries. Impact: availability high (per CVSS 4.0), with no confidential...
CVE-2026-1850 An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification
Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...