220 matches found
CVE-2026-22196 GestSup < 3.2.60 SQL Injection in Ticket Creation
GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries...
CVE-2025-15239
CVE-2025-15239 concerns the QOCA aim AI Medical Cloud Platform from Quanta Computer. The connected sources confirm a SQL Injection vulnerability that enables authenticated remote attackers to inject arbitrary SQL commands to read database contents. The available metrics indicate CVSS v3.1 base sc...
CVE-2025-15238 Quanta Computer|QOCA aim AI Medical Cloud Platform - SQL Injection
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
PT-2026-1227
Name of the Vulnerable Software and Affected Versions: QOCA aim AI Medical Cloud Platform, affected versions not specified. Description: The QOCA aim AI Medical Cloud Platform, developed by Quanta Computer, contains a SQL Injection flaw. This allows authenticated remote attackers to inject arbitrary...
CVE-2025-14758
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
EUVD-2025-203480
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
CVE-2025-14758
The CVE-2025-14758 entry concerns the YAOOK Operator’s infra-operator, where a misconfiguration in the replication security of the MariaDB component could allow an on-path attacker to read database contents, potentially including credentials. This is documented across multiple feeds (NVD, Red Hat...
CVE-2025-14758 Initialization of a Resource with an Insecure Default in YAOOK
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
PT-2025-49770
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
CVE-2025-14255
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-14254
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
EUVD-2025-201695
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-14255
CVE-2025-14255 relates to Vitals ESP (Galaxy Software Services). Connected sources confirm a SQL Injection vulnerability in Vitals ESP, enabling authenticated remote attackers to inject arbitrary SQL commands to read database contents. The issue is described consistently across Red Hat, NVD, CVE ...
CVE-2025-14254 Galaxy Software Services|Vitals ESP - SQL Injection
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
PT-2025-49515
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
PT-2025-49514
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-13770
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...