182 matches found
CVE-2018-12295
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter...
Siemens Spectrum Power 安全漏洞
Siemens Spectrum Power is an energy management system from Siemens, Germany. A security vulnerability exists in Siemens Spectrum Power 4 versions prior to V4.70 SP12 Update 2, which originates from a credentials file that can be read globally, potentially allowing an attacker to connect to the...
CVE-2025-64114
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...
ClipBucket SQL注入漏洞
ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A SQL injection vulnerability exists in ClipBucket v5 versions 5.5.2 through 151 and earlier, which originates from a certified administrator with plugin management...
Simple Banking System transfermoney.php File SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /transfermoney.php. An attacker can exploit this vulnerability to execute...
EUVD-2008-3373
Malware in sbrugna...
EUVD-2015-4612
Malware in sbrugna...
EUVD-2019-13296
Malware in sbrugna...
EUVD-2025-24723
Malicious code in bioql PyPI...
EUVD-2023-36383
Malicious code in bioql PyPI...
EUVD-2024-54513
Malicious code in bioql PyPI...
Important: postgresql15
Issue Overview: PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available ...
CVE-2025-8858 Changing|Clinic Image System - SQL Injection
Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-52914
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...
WordPress Pakke Envíos SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Pakke Envíos suffers from a SQL injection vulnerability that stems from improper neutralization of special elements in SQL commands, no details of the vulnerabili...
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An improper...
Code-Projects Crime Reporting System 注入漏洞
Crime Reporting System is a crime reporting system. Crime Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Name in the file /registration.php. An attacker can exploit this vulnerability to...
Code-Projects Library System 注入漏洞
Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...
CVE-2024-54923
A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...
CVE-2024-33266
SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function...