1919 matches found

Positive Technologies
added 2025/10/01 12:0 a.m., 3 views

PT-2025-40245

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5. Description: The get stock balance for function located at erpnext/stock/doctype/stock reconciliation/stock reconciliation.py is susceptible to SQL Injection. An attacker can inject a SQL query through the invento...

CVSS 8.2, AI score 7.4, EPSS 0.00308
Exploits: 1, References: 7
Positive Technologies
added 2025/10/01 12:0 a.m., 5 views

PT-2025-40246

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5. Description: The get rfq containing supplier function located at erpnext/buying/doctype/request for quotation/request for quotation.py is susceptible to SQL Injection. An attacker can inject a SQL query through th...

CVSS 8.2, AI score 6.9, EPSS 0.00298
Exploits: 1, References: 7
Positive Technologies
added 2025/10/01 12:0 a.m., 5 views

PT-2025-40243

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5. Description: The get material requests based on supplier function located at erpnext/stock/doctype/material request/material request.py is susceptible to SQL Injection. An attacker can inject a SQL query into the...

CVSS 8.2, AI score 7.3, EPSS 0.00308
Exploits: 1, References: 7
NVD
added 2025/09/30 2:15 p.m., 2 views

CVE-2025-52047

In Frappe ErpNext v15.57.5, the function getincomeaccount at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...

CVSS 6.5, EPSS 0.00238
Exploits: 1, References: 2
OSV
added 2025/09/30 2:15 p.m., 2 views

CVE-2025-52047

In Frappe ErpNext v15.57.5, the function getincomeaccount at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...

CVSS 6.5, AI score 7.3
Exploits: 0, References: 2
RedhatCVE
added 2025/09/27 4:45 a.m., 4 views

CVE-2025-10036

The Featured Image from URL FIFU plugin for WordPress is vulnerable to SQL Injection via the getallurls function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 4.9, AI score 6.6, EPSS 0.00299
Exploits: 0, References: 1
NVD
added 2025/09/26 5:15 a.m., 4 views

CVE-2025-10037

The Featured Image from URL FIFU plugin for WordPress is vulnerable to SQL Injection via the getpostswithinternalfeaturedimage function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 4.9, EPSS 0.00299
Exploits: 0, References: 3
Gitee
added 2025/09/20 12:44 a.m., 395 views

Binwalk

This is an implementation of the Binwalk firmware analysis tool in Rust, written for speed and accuracy. Binwalk can identify and optionally extract files and data embedded inside other files, with a focus on firmware analysis. It supports a wide variety of file and data types and can even help...

AI score 7
Exploits: 0
Amd
added 2025/09/18 12:0 a.m., 7 views

Undervoltage-based Static Side-channel Attacks (“Chypnosis”) on FPGAs

Summary: This document describes a potential attack technique against FPGA devices that leverages side-channel analysis (SCA) techniques to physically extract register and memory content from the device. In applications following best practices for security, critical data, such as decryption keys, i...

AI score 6.9
Exploits: 0
OSV
added 2025/09/17 6:15 a.m., 4 views

CVE-2025-10042

The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, AI score 5.9, EPSS 0.00887
Exploits: 3, References: 4
Vulnrichment
added 2025/09/16 12:0 a.m., 3 views

CVE-2025-52044

In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...

AI score 6.9, EPSS 0.00366
Exploits: 1, References: 2
RedhatCVE
added 2025/09/12 7:11 a.m., 3 views

CVE-2025-10142

The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'status' parameter in all versions up to, and including, 4.44.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 4.9, AI score 6.6, EPSS 0.00384
Exploits: 0, References: 1
NVD
added 2025/09/11 8:15 a.m., 22 views

CVE-2025-8692

The Coupon API plugin for WordPress is vulnerable to SQL Injection via the ‘logduration’ parameter in all versions up to, and including, 6.2.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9, EPSS 0.0038
Exploits: 0, References: 4
Cvelist
added 2025/09/11 7:24 a.m., 8 views

CVE-2025-9073 All in one Minifier <= 3.2 - Unauthenticated SQL Injection

The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, EPSS 0.004
Exploits: 0, References: 2
Positive Technologies
added 2025/09/11 12:0 a.m., 8 views

PT-2025-37112

Name of the Vulnerable Software and Affected Versions: CatFolders – Tame Your WordPress Media Library by Category plugin versions prior to 2.5.3 Description: The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress contains a time-based SQL Injection issue via the CSV...

CVSS 6.5, AI score 6.9, EPSS 0.00347
Exploits: 2, References: 6
NVD
added 2025/09/10 7:15 a.m., 3 views

CVE-2025-10142

The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'status' parameter in all versions up to, and including, 4.44.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 4.9, EPSS 0.00384
Exploits: 0, References: 4
OSV
added 2025/09/10 7:15 a.m., 3 views

CVE-2025-10142

The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'status' parameter in all versions up to, and including, 4.44.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 4.9, AI score 6.6
Exploits: 0, References: 4
OSV
added 2025/09/10 7:15 a.m., 0 views

UBUNTU-CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVSS 9.1, AI score 6, EPSS 0.00368
Exploits: 0, References: 5
CVE
added 2025/09/10 6:38 a.m., 22 views

CVE-2025-7826

CVE-2025-7826 affects the WordPress Indianic Testimonial plugin (Testimonial) via SQL Injection in the iNICtestimonial shortcode. Vulnerable up to and including version 2.3 due to insufficient escaping and lack of query preparation, enabling authenticated attackers with Contributor+ privileges to...

CVSS 6.5, AI score 6, EPSS 0.00258
Exploits: 0, References: 2
Vulnrichment
added 2025/09/10 6:38 a.m., 3 views

CVE-2025-7826 Testimonial <= 2.3 - Authenticated (Contributor+) SQL Injection

The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5, AI score 6.1, EPSS 0.00258
Exploits: 0, References: 2