CVE-2025-8861 Changing｜TSA - Missing Authentication

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

PT-2025-35180

Name of the Vulnerable Software and Affected Versions: TSA developed by Changing affected versions not specified Description: TSA developed by Changing is susceptible to a missing authentication issue. This allows unauthenticated remote attackers to read, modify, and delete database contents...

Changing TSA 访问控制错误漏洞

Changing TSA is a timestamp server from Panorama Changing Corporation in Taiwan, China. Changing TSA suffers from an Access Control Error vulnerability that stems from a lack of authentication, which could allow an unauthenticated, remote attacker to read, modify, and delete database contents...

CVE-2025-9255

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-9255

WebITR by Uniong is affected by a SQL injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands and read database contents. The available documents consistently describe this as a SQL injection issue in the WebITR system, without providing concrete deta...

CVE-2025-9255 Uniong｜WebITR - SQL Injection

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-8914

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-8914 WellChoose｜Organization Portal System - SQL Injection

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

PT-2025-30235 · Simopro Technology · Winmatrix3 Web

Name of the Vulnerable Software and Affected Versions: WinMatrix3 Web package versions affected versions not specified Description: WinMatrix3 Web package developed by Simopro Technology contains a SQL Injection flaw. This allows unauthenticated remote attackers to inject arbitrary SQL commands,...

CVE-2025-7735

The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

UNIMAX Hospital Information System SQL注入漏洞

UNIMAX Hospital Information System is a hospital information system from UNIMAX Corporation. UNIMAX Hospital Information System suffers from a SQL injection vulnerability that stems from SQL injection and could result in reading the contents of the database...

PT-2025-29900 · Unimax · Unimax Hospital Information System

Name of the Vulnerable Software and Affected Versions: UNIMAX Hospital Information System affected versions not specified Description: The Hospital Information System developed by UNIMAX is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL...

CVE-2021-23186

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system...

CVE-2020-8887

Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php aka the server login page...

CVE-2025-3707

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents...

PT-2025-13648 · Piextract · Soop-Clm

Name of the Vulnerable Software and Affected Versions: SOOP-CLM from PiExtract affected versions not specified Description: The issue allows unauthenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents. Recommendations: At the...

CVE-2025-2585

CVE-2025-2585 concerns the EBM Maintenance Center from EBM Technologies. Multiple connected sources confirm a SQL Injection vulnerability that allows remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. The issue is driven by imp...

CVE-2024-54447

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVE-2024-12245

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVE-2024-12245 Blind SQL Injection in Logout

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...