358 matches found
EUVD-2023-1538
Malicious code in bioql PyPI...
CVE-2023-28760
TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...
Linux Distros Unpatched Vulnerability : CVE-2016-8640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw databa...
CVE-2025-7343
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-7919
WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
Digiwin SFT SQL Injection Vulnerability
Digiwin SFT is a production tracking system from China-based Digiwin. A SQL injection vulnerability exists in Digiwin SFT, which can be exploited by an unauthenticated, remote attacker to inject arbitrary SQL commands that could result in reading, modifying, and deleting database content...
PT-2025-29725 · Yaysmtp · Yaysmtp
Name of the Vulnerable Software and Affected Versions: YaySMTP versions n/a through 1.3. Description: YaySMTP is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This issue could allow for unauthorized database access or modification...
PT-2025-29198 · Lenovo · Lenovo Vantage
Name of the Vulnerable Software and Affected Versions: Lenovo Vantage, affected versions not specified. Description: A SQL injection vulnerability exists in Lenovo Vantage. This issue could allow a local attacker to modify the local SQLite database and execute code with elevated permissions...
PT-2025-28275 · Sap · Sap Plug-In Basis +1
Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse and SAP Plug-In Basis, affected versions not specified. Description: The issue allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. ...
CVE-2025-0966
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
CVE-2025-6169
The CVE-2025-6169 entry concerns the HAMASTAR Technology WIMP website co-construction management platform, which is reported to be vulnerable to SQL Injection. Multiple connected sources describe unauthenticated remote SQL commands that can read, modify, and delete database contents. The exact af...
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
CVE-2021-23230
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359...
CVE-2021-37614
In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...
CVE-2020-10582
A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests, including data reading and modification on the database...
CVE-2020-28994
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database...
CVE-2019-16391
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...
CVE-2000-1232
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method...
CVE-2025-2572
In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup...
CVE-2025-2585
EBM Maintenance Center from EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...