1958 matches found

NVD
added 2025/05/15 2:15 p.m. · 15 views

CVE-2025-46052

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

9.8 CVSS · 0.00438 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/05/15 12:00 a.m. · 7 views

CVE-2025-46052

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

9.9 AI score · 0.00438 EPSS
Exploits: 1 · References: 2
CVE
added 2025/05/15 12:00 a.m. · 33 views

CVE-2025-46052

CVE-2025-46052 involves WebERP v4.15.2 with an error-based SQL Injection affecting the DEL form field in a POST request to /StockCounts.php. The underlying issue allows an attacker to execute arbitrary SQL and extract sensitive data. Multiple connected sources confirm the vulnerable endpoint and ...

9.8 CVSS · 8.1 AI score · 0.00438 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/05/15 12:00 a.m. · 9 views

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

6.2 AI score · 0.00214 EPSS
Exploits: 1 · References: 2
Cvelist
added 2025/05/15 12:00 a.m. · 12 views

CVE-2025-46052

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

0.00438 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2025/05/15 12:00 a.m. · 5 views

PT-2025-21285 · Weberp · Weberp

Name of the Vulnerable Software and Affected Versions: WebERP version 4.15.2

Description: An error-based SQL Injection (SQLi) vulnerability allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to...

9.8 CVSS · 7.7 AI score · 0.00438 EPSS
Exploits: 1 · References: 8
NVD
added 2025/05/13 4:16 a.m. · 28 views

CVE-2025-4396

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.5 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS · 0.02626 EPSS
Exploits: 2 · References: 5
Packet Storm News
added 2025/05/09 12:00 a.m. · 3 views

NCorr-FP: a Neighbourhood-Based Correlation-Preserving Fingerprinting Scheme for Intellectual Property Protection of Structured Data

Ensuring data ownership and traceability of unauthorised redistribution are central to safeguarding intellectual property in shared data environments. Data fingerprinting addresses these challenges by embedding recipient-specific marks into the data, typically via content modifications. We propos...

6.7 AI score
Exploits: 0
RedhatCVE
added 2025/05/08 10:11 a.m. · 22 views

CVE-2025-2011

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

7.5 CVSS · 7.6 AI score · 0.46724 EPSS
Exploits: 6 · References: 1
Packet Storm News
added 2025/05/07 12:00 a.m. · 3 views

DMRL: Data- and Model-Aware Reward Learning for Data Extraction

Large language models (LLMs) are inherently vulnerable to unintended privacy breaches. Consequently, systematic red-teaming research is essential for developing robust defense mechanisms. However, current data extraction methods suffer from several limitations: (1) rely on dataset duplicates...

6.9 AI score
Exploits: 0
NVD
added 2025/05/06 10:15 p.m. · 17 views

CVE-2025-0853

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5 CVSS · 0.00347 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/04 3:59 a.m. · 19 views

CVE-2024-13322

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

7.5 CVSS · 7.5 AI score · 0.01579 EPSS
Exploits: 0 · References: 1
Packet Storm News
added 2025/05/03 12:00 a.m. · 2 views

A Survey on Privacy Risks and Protection in Large Language Models

Although Large Language Models (LLMs) have become increasingly integral to diverse applications, their capabilities raise significant privacy concerns. This survey offers a comprehensive overview of privacy risks associated with LLMs and examines current solutions to mitigate these challenges. Firs...

7 AI score
Exploits: 0
CVE
added 2025/05/02 12:23 p.m. · 71 views

CVE-2025-4204

CVE-2025-4204: Ultimate Auction Pro for WordPress (

7.5 CVSS · 7.7 AI score · 0.00347 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/05/02 4:15 a.m. · 3 views

CVE-2024-13344

The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and including, 3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/05/02 3:21 a.m. · 29 views

CVE-2024-13344 Advance Seat Reservation Management for WooCommerce <= 3.3 - Unauthenticated SQL Injection

The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and including, 3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5 CVSS · 0.00347 EPSS
Exploits: 0 · References: 2
Packet Storm News
added 2025/05/01 12:00 a.m. · 5 views

Can Differentially Private Fine-Tuning LLMs Protect against Privacy Attacks?

Fine-tuning large language models (LLMs) has become an essential strategy for adapting them to specialized tasks; however, this process introduces significant privacy challenges, as sensitive training data may be inadvertently memorized and exposed. Although differential privacy (DP) offers strong...

7 AI score
Exploits: 0
OSV
added 2025/04/27 2:15 a.m. · 3 views

CVE-2025-46578

There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information...

7.5 CVSS · 5.9 AI score · 0.0029 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/27 1:30 a.m. · 61 views

CVE-2025-46578

CVE-2025-46578 concerns SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information. The connected documents consistently describe GoldenDB’s SQL injection risk but do n...

7.5 CVSS · 7.3 AI score · 0.0029 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/04/27 1:30 a.m. · 17 views

CVE-2025-46578 ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces

There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information...

6.5 CVSS · 0.0029 EPSS
Exploits: 0 · References: 1