22 matches found

Vulnrichment
added 2026/03/04 5:15 p.m. · 3 views

CVE-2019-25504 NCrypted Jobgator Lastest SQL Injection via agents Find-Jobs

NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00123
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-10615

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.0146
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-6408

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 9.2 | EPSS 0.0008
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-33475

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 8.8 | EPSS 0.00114
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-32257

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.00406
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-33245

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.7 | EPSS 0.0072
Exploits: 0 | References: 3

RedhatCVE
added 2025/08/15 7:17 a.m. · 3 views

CVE-2025-6184

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...

CVSS 8.8 | AI score 7.7 | EPSS 0.00059
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:35 a.m. · 2 views

CVE-2024-13216

The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/hteventsponsor.php. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 4.3 | EPSS 0.00169
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/08 10:11 a.m. · 19 views

CVE-2025-2011

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5 | AI score 7.6 | EPSS 0.47524
Exploits: 6 | References: 1

Positive Technologies
added 2025/04/17 12:0 a.m. · 2 views

PT-2025-16952 · WordPress · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protected plugin versions up to, and including, 2.7.7 Description: The issue allows unauthenticated attackers to extract sensitive data, including all protected site content, if the 'Use Transient' setting is enabled. This is possibl...

CVSS 5.3 | AI score 6.1 | EPSS 0.00634
Exploits: 0 | References: 9

Github Security Blog
added 2025/04/10 12:25 p.m. · 20 views

ezsystems/ezplatform-richtext allows access to external entities in XML

Impact: This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...

AI score 6.6
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/02/26 12:26 a.m. · 5 views

CVE-2024-54820

XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input...

CVSS 9.8 | AI score 8 | EPSS 0.02104
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 6:22 a.m. · 4 views

CVE-2024-5207

The POST SMTP – The 1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied...

CVSS 7.2 | AI score 7.2 | EPSS 0.00905
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 12:10 a.m. · 5 views

CVE-2024-4742

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the orderby shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and la...

CVSS 8.8 | AI score 7.2 | EPSS 0.00634
Exploits: 0 | References: 1

NVD
added 2024/12/10 11:15 a.m. · 7 views

CVE-2024-11106

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

CVSS 5.3 | EPSS 0.0061
Exploits: 0 | References: 2

NVD
added 2024/12/06 9:15 a.m. · 6 views

CVE-2024-10692

The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 | EPSS 0.00323
Exploits: 0 | References: 2

Positive Technologies
added 2024/11/28 12:0 a.m. · 2 views

PT-2024-16540 · WordPress · The Restaurant & Cafe Addon For Elementor

Name of the Vulnerable Software and Affected Versions: The Restaurant & Cafe Addon for Elementor plugin for WordPress versions up to, and including, 1.5.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

CVSS 4.3 | AI score 9.2 | EPSS 0.00114
Exploits: 0 | References: 6

Positive Technologies
added 2024/03/21 12:0 a.m. · 2 views

PT-2024-23098 · Unknown · Sentrifugo

Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: The issue is related to a SQL injection vulnerability. It affects the /sentrifugo/index.php/default/reports/activeuserrptpdf API endpoint, specifically the sort name parameter. This vulnerability could allo...

CVSS 9.8 | AI score 7.5 | EPSS 0.00777
Exploits: 0 | References: 5

Positive Technologies
added 2023/10/25 12:0 a.m. · 1 view

PT-2023-21033 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to an unauthenticated SQL injection in the GetRoomChanges method, allowing unauthenticated attackers to extract or modify all data. Recommendations: For versions...

CVSS 9.8 | AI score 9.3 | EPSS 0.00153
Exploits: 0 | References: 4

CNNVD
added 2023/09/28 12:0 a.m. · 2 views

ZOHO ManageEngine Asset Management System SQL Injection Vulnerability

ZOHO ManageEngine Asset Management System is an asset management solution from ZOHO. A SQL injection vulnerability exists in ZOHO ManageEngine Asset Management System v1.0, which stems from vulnerability to an authenticated SQL injection vulnerability that could allow an authenticated attacker to...

CVSS 8.8 | AI score 7.7 | EPSS 0.00111
Exploits: 1 | References: 3