1919 matches found
EUVD-2023-31033
Malicious code in bioql PyPI...
EUVD-2024-32257
Malicious code in bioql PyPI...
EUVD-2022-0999
Malicious code in bioql PyPI...
EUVD-2023-30370
Malicious code in bioql PyPI...
EUVD-2025-3980
Malicious code in bioql PyPI...
EUVD-2024-33467
Malicious code in bioql PyPI...
EUVD-2024-49621
Malicious code in bioql PyPI...
EUVD-2025-7403
Malicious code in bioql PyPI...
EUVD-2024-33446
Malicious code in bioql PyPI...
EUVD-2025-32264
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-9199 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
EUVD-2025-32279
The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
PT-2025-40487
Name of the Vulnerable Software and Affected Versions Blappsta Mobile App Plugin versions prior to 0.8.8.9 Description The Blappsta Mobile App Plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and query preparation. Specifically, the nh ynaa comments functi...
External Data Extraction Attacks against Retrieval-Augmented Large Language Models
In recent years, RAG has emerged as a key paradigm for enhancing large language models (LLMs). By integrating externally retrieved information, RAG alleviates issues like outdated knowledge and, crucially, insufficient domain expertise. While effective, RAG introduces new risks of external data...
CVE-2025-52040
In Frappe ERPNext 15.57.5, the function getblanketorders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanketordertype parameter...
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...
CVE-2025-52041
In Frappe ERPNext 15.57.5, the function getstockbalancefor at erpnext/stock/doctype/stockreconciliation/stockreconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventorydimensionsdict parameter...
CVE-2025-52043
In Frappe ERPNext v15.57.5, the function importcoa at erpnext/accounts/doctype/chartofaccountsimporter/chartofaccountsimporter.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the function getmaterialrequestsbasedonsupplier at erpnext/stock/doctype/materialrequest/materialrequest.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter...