CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...

CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...

CVE-2019-25702

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...

CVE-2019-25700

Summary: CVE-2019-25700 affects Kados R10 GreenBee, where an SQL injection vulnerability exists via the sort_direction parameter. The root cause is unsafely constructed database queries that allow attacker-controlled SQL code to be injected. Impact (as stated): attackers could extract sensitive d...

CVE-2019-25696

Kados R10 GreenBee contains an SQL injection vulnerability exploitable via the language_tag parameter. The root cause is unsafe SQL construction that allows attackers to inject SQL statements into queries, enabling extraction of sensitive database information and potential data modification. Affe...

CVE-2019-25694

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE-2019-25688 Kados R10 GreenBee SQL Injection via menu_lev1 Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menulev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menulev1 parameter to extract sensitive...

CVE-2019-25688

CVE-2019-25688 affects Kados R10 GreenBee with an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries via the menu_lev1 parameter, enabling extraction or modification of database contents. The root cause is unsanitized input in the menu_lev1 parameter....

PT-2026-30502

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort direction parameter. Attackers can submit malicious SQL statements in the sort direction parameter to extract sensitive database information or...

PT-2026-30504

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter user mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...

PT-2026-30496

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu lev1 parameter to extract sensitive...

PT-2026-30499

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

mysql: mariadb: InnoDB unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

GHSA-GVRJ-CJCH-728P Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster

Impact Any Juju controller since 3.2.0. An attacker with only route-ability to the target juju controller Dqlite cluster endpoint may join the Dqlite cluster, read and modify all information, including escalating privileges, open firewall ports etc. This is due to not checking the client...

GHSA-7XXH-373W-35VG Payload has an SQL Injection via Query Handling

Impact Certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. Patches This issue has been fixed in v3.79.1 and later. Query input validation has been hardened. Upgrade to v3.79...

CVE-2026-34747

Payload CMS prior to version 3.79.1 contains an input validation flaw that allows crafting requests to influence SQL query execution in collection data. The vulnerability affects the free, open-source headless CMS (Payload CMS) and arises from improper validation of certain request inputs. This c...