EUVD-2025-25179

Malicious code in bioql PyPI...

EUVD-2022-38050

Malicious code in bioql PyPI...

ZKEACMS 代码问题漏洞

ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A code issue vulnerability exists in ZKEACMS 4.3 and earlier versions, which stems from incorrect manipulation of the parameter Data in the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.c...

SQL Injection

moonshine/moonshine is vulnerable to SQL injection. The vulnerability is due to improper handling of the Data parameter in the Blog module, which allows an attacker to inject malicious SQL queries...

CVE-2025-41032

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...

CVE-2025-41034 SQL injection vulnerability in appRain CMF

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...

CVE-2025-41033 SQL injection vulnerability in appRain CMF

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

CVE-2025-55472

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...

CVE-2025-55472

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...

CVE-2025-55472

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...

SourceForge Dogfood CRM 安全漏洞

SourceForge Dogfood CRM is a SourceForge open source information management system. A security vulnerability exists in SourceForge Dogfood CRM version 2.0.10, which stems from insufficient cleanup of the data parameter in the spell.php script, which could lead to remote command execution...

CVE-2024-13982 SPON IP Network Intercom System rj_get_token.php Arbitrary File Read

SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rjgettoken.php endpoint. The flaw arises from insufficient input validation on the jsondataurl parameter, which allows attackers to perfor...

SQL Injection

Overview lee-to/moonshine-tree-resource is a Tree resource for moonshine Affected versions of this package are vulnerable to SQL Injection via the data parameter in the Route::moonshine function. An attacker can exploit this to read sensitive data from the database. Remediation Upgrade...

MoonShine SQL Injection Vulnerability

MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module...

GHSA-9G9J-3W64-3CJH MoonShine SQL Injection Vulnerability

MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module...

Linux Distros Unpatched Vulnerability : CVE-2025-4517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You are affected by this vulnerability if using the...

CVE-2025-8951 PHPGurukul Teachers Record Management System search.php sql injection

A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

PT-2025-33264 · Moonshine · Moonshine

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.5 Description: MoonShine version 3.12.5 contains a SQL injection issue within the Blog module, specifically through the Data parameter. Recommendations: As a temporary workaround, consider restricting access to the Blog...

Django: SQL Injection when using FilteredRelation

A SQL injection vulnerability was discovered in the Django framework when using the FilteredRelation feature. The vulnerability was located in the tests/filteredrelation/tests.py file. The vulnerability allowed an attacker to inject malicious SQL code through the userdata parameter used in the...

Directory Management System search-directory.php File SQL Injection Vulnerability

Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /admin/search-directory.php. An attacker can...