
1285 matches found

Patchstack
added 2026/01/06 11:28 p.m., 3 views

WordPress AH Shortcodes plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin AH Shortcodes versions <= 1.0.2...

CVSS 6.4, AI score 5.5, EPSS 0.00008
Exploits 0, References 1, Affected Software 1

Patchstack
added 2026/01/06 11:16 p.m., 4 views

WordPress Multi-column Tag Map plugin <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter vulnerability discovered by Bhayanak Atma in WordPress Plugin Multi-column Tag Map versions <= 17.0.39...

CVSS 4.4, AI score 5.5, EPSS 0.00005
Exploits 0, References 1, Affected Software 1

RedHat Linux
added 2026/01/05 12:51 a.m., 3 views

sqlite: Integer Truncation in SQLite

A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior...

CVSS 9.8, AI score 7.2, EPSS 0.01629
Exploits 3, References 6

Snyk
added 2026/01/02 5:45 p.m., 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the DataStats function, which passes user input directly to goqu.L for execution on the database without escaping. An attacker can execute SQL by supplying malicious input to the column, group, or order parameters of th...

CVSS 6.5, AI score 7.2, EPSS 0.00028
Exploits 0, References 2

RedhatCVE
added 2025/12/18 11:36 p.m., 2 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 9.8, AI score 8, EPSS 0.00321
Exploits 1, References 1

EUVD
added 2025/12/18 12:34 a.m., 2 views

EUVD-2023-60205

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 9.8, AI score 7.4, EPSS 0.00321
Exploits 1, References 4

NVD
added 2025/12/17 11:15 p.m., 8 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 9.8, EPSS 0.00321
Exploits 1, References 3

OSV
added 2025/12/17 11:15 p.m., 1 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 8.7, AI score 5.9, EPSS 0.00321
Exploits 1, References 3

Vulnrichment
added 2025/12/17 10:44 p.m., 4 views

CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 9.8, AI score 7.6, EPSS 0.00321
Exploits 1, References 3

Cvelist
added 2025/12/17 10:44 p.m., 18 views

CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

CVSS 9.8, EPSS 0.00321
Exploits 1, References 3

CVE
added 2025/12/17 10:44 p.m., 14 views

CVE-2023-53926

CVE-2023-53926 affects PHPJabbers Simple CMS 5.0. A SQL injection in the 'column' parameter of the index.php endpoint can allow remote attackers to manipulate queries and potentially extract or modify database information. The vulnerability is documented across multiple sources (including RH, NVD...

CVSS 9.8, AI score 7.6, EPSS 0.00321
Exploits 1, References 3, Affected Software 1

CNNVD
added 2025/12/17 12:0 a.m., 3 views

PHPJabbers Simple CMS SQL Injection Vulnerability

PHPJabbers Simple CMS is a PHPJabbers open source content management system. A SQL injection vulnerability exists in PHPJabbers Simple CMS version 5.0, which originates from a SQL injection in the column parameter of the index.php endpoint, which may result in database information being extracted...

CVSS 9.8, AI score 7.7, EPSS 0.00321
Exploits 1, References 4

Positive Technologies
added 2025/12/17 12:0 a.m., 3 views

PT-2025-51964

Name of the Vulnerable Software and Affected Versions: PHPJabbers Simple CMS version 5.0. Description: The software contains a SQL injection issue in the 'column' parameter. Attackers can inject crafted SQL payloads through the 'column' parameter in the 'index.php' endpoint to potentially extract ...

CVSS 9.8, AI score 7.5, EPSS 0.00321
Exploits 1, References 7

OSV
added 2025/12/13 11:36 a.m., 3 views

BIT-DJANGO-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3, AI score 7.9, EPSS 0.00006
Exploits 0, References 4

Veracode
added 2025/12/13 6:48 a.m., 4 views

Improper Access Control

mantisbt/mantisbt is vulnerable to improper access control. The vulnerability is due to insufficient access-level checks, which allows an attacker to exploit the Copy From functionality to retrieve column configurations from private projects without authorization...

CVSS 5.3, AI score 5.8, EPSS 0.00043
Exploits 1, References 5, Affected Software 1

RedhatCVE
added 2025/12/12 4:0 p.m., 2 views

CVE-2025-13372

A flaw was found in Django. This vulnerability allows Structured Query Language (SQL) injection in column aliases via a suitably crafted dictionary with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Mitigation: Mitigation for this issue is either no...

CVSS 4.3, AI score 7.1, EPSS 0.00006
Exploits 0, References 6

Hacker One
added 2025/12/12 2:53 p.m., 6 views

Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

Vulnerability description not provided...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits 0

OSV
added 2025/12/12 1:35 p.m., 3 views

CLSA-2025-1765546516 libtiff: Fix of CVE-2023-52356

CVE-2023-52356: add col/row validation in TIFFReadRGBAStrip/TIFFReadRGBATile to prevent heap-buffer overflow and potential DoS...

CVSS 7.5, AI score 6.9, EPSS 0.00717
Exploits 0, References 1

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-201989

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor (make-section-column-clickable-elementor) allows Stored XSS. This issue affects Make Section & Column Clickable For Elementor: from n/a throu...

AI score 5.5, EPSS 0.00027
Exploits 0, References 2

CVE
added 2025/12/09 2:52 p.m., 10 views

CVE-2025-63033

CVE-2025-63033 concerns the WordPress plugin Make Section & Column Clickable For Elementor (versions ≤ 2.3). It enables Stored XSS due to improper input neutralization during web page generation. Wordfence’s vulnerability summary indicates patching in the 2.4 release, mitigating the issue; Patchs...

CVSS 5.9, AI score 5.2, EPSS 0.00027
Exploits 0, References 1