1958 matches found
CVE-2025-46052
An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...
CVE-2025-46052
An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...
CVE-2025-46052
CVE-2025-46052 involves WebERP v4.15.2 with an error-based SQL Injection affecting the DEL form field in a POST request to /StockCounts.php. The underlying issue allows an attacker to execute arbitrary SQL and extract sensitive data. Multiple connected sources confirm the vulnerable endpoint and ...
CVE-2025-46053
A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...
CVE-2025-46052
An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...
PT-2025-21285 · Weberp · Weberp
Name of the Vulnerable Software and Affected Versions: WebERP version 4.15.2 Description: An error-based SQL Injection SQLi vulnerability allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to...
CVE-2025-4396
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.5 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
NCorr-FP: a Neighbourhood-Based Correlation-Preserving Fingerprinting Scheme for Intellectual Property Protection of Structured Data
Ensuring data ownership and traceability of unauthorised redistribution are central to safeguarding intellectual property in shared data environments. Data fingerprinting addresses these challenges by embedding recipient-specific marks into the data, typically via content modifications. We propos...
CVE-2025-2011
The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
DMRL: Data- and Model-Aware Reward Learning for Data Extraction
Large language models LLMs are inherently vulnerable to unintended privacy breaches. Consequently, systematic red-teaming research is essential for developing robust defense mechanisms. However, current data extraction methods suffer from several limitations: 1 rely on dataset duplicates...
CVE-2025-0853
The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-13322
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
A Survey on Privacy Risks and Protection in Large Language Models
Although Large Language Models LLMs have become increasingly integral to diverse applications, their capabilities raise significant privacy concerns. This survey offers a comprehensive overview of privacy risks associated with LLMs and examines current solutions to mitigate these challenges. Firs...
CVE-2025-4204
CVE-2025-4204: Ultimate Auction Pro for WordPress (
CVE-2024-13344
The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and including, 3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13344 Advance Seat Reservation Management for WooCommerce <= 3.3 - Unauthenticated SQL Injection
The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and including, 3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
Can Differentially Private Fine-Tuning LLMs Protect against Privacy Attacks?
Fine-tuning large language models LLMs has become an essential strategy for adapting them to specialized tasks; however, this process introduces significant privacy challenges, as sensitive training data may be inadvertently memorized and exposed. Although differential privacy DP offers strong...
CVE-2025-46578
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information...
CVE-2025-46578
CVE-2025-46578 concerns SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information. The connected documents consistently describe GoldenDB’s SQL injection risk but do n...
CVE-2025-46578 ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information...