701 matches found

CVE
added 2026/02/22 1:18 p.m., 12 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints (parameters such as actioncode, demand_reason_id, availability_id) that allow authenticated attackers to manipulate queries and extract sensitive data. The flaw enables boolean-based blind, error-based, and time-...

CVSS 7.5 | AI score 5.9 | EPSS 0.0031
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/22 12:0 a.m., 6 views

XOOPS CMS SQL injection vulnerability

XOOPS CMS is a modular content management system developed by the XOOPS company. Version XOOPS CMS 2.5.9 has a SQL injection vulnerability. This vulnerability stems from the cid parameter being susceptible to SQL injections, which may allow unverified attackers to manipulate database queries...

CVSS 8.8 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 4

CNNVD
added 2026/02/22 12:0 a.m., 5 views

WebIncorp ERP SQL injection vulnerability

WebIncorp ERP is an enterprise resource planning system developed by WebIncorp Corporation. WebIncorp ERP has a SQL injection vulnerability, which stems from the prodid parameter being susceptible to SQL injections. This vulnerability could allow unverified attackers to manipulate database querie...

CVSS 8.8 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/22 12:0 a.m., 3 views

PT-2026-21442

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

CVSS 8.8 | AI score 5.9 | EPSS 0.00397
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/22 12:0 a.m., 5 views

PT-2026-21436

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...

CVSS 8.8 | AI score 6.2 | EPSS 0.00373
Exploits: 1 | References: 3

NVD
added 2026/02/21 8:16 a.m., 6 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | EPSS 0.0048
Exploits: 2 | References: 4

GithubExploit
added 2026/02/19 12:1 a.m., 128 views

SQL-injection-explained

SQL-injection-explained Today's topic: SQL Injections Here is y...

AI score 6.1
Exploits: 0

Rapid7 Blog
added 2026/02/10 6:0 p.m., 10 views

Measuring AI Security: Separating Signal from Panic

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore...

AI score 6.7
Exploits: 0

CNNVD
added 2026/02/09 12:0 a.m., 3 views

PlaciPy injection vulnerability

PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and managers in educational institutions. Version 1.0.0 of PlaciPy contains a vulnerability that stems from unvalidated or unchecked...

CVSS 9.8 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/04 1:20 p.m., 2 views

CVE-2026-1432

SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APPCODE=STACODE=TABLON'. Exploiting this...

CVSS 9.3 | AI score 5.8 | EPSS 0.00313
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/04 3:15 a.m., 4 views

CVE-2025-12774

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVSS 7.5 | AI score 8.3 | EPSS 0.00178
Exploits: 0 | References: 1

NVD
added 2026/02/03 6:16 p.m., 3 views

CVE-2020-37108

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

CVSS 7.1 | EPSS 0.00272
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/03 4:52 p.m., 2 views

CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

CVSS 7.1 | AI score 5.6 | EPSS 0.00274
Exploits: 1 | References: 4

NVD
added 2026/02/03 2:16 a.m., 4 views

CVE-2025-12774

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVSS 7.5 | EPSS 0.00178
Exploits: 0 | References: 1

Cvelist
added 2026/02/03 1:28 a.m., 24 views

CVE-2025-12774 SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVSS 4.6 | EPSS 0.00178
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/03 1:28 a.m., 2 views

CVE-2025-12774 SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVSS 4.6 | AI score 5.3 | EPSS 0.00178
Exploits: 0 | References: 1

EUVD
added 2026/02/03 1:28 a.m., 3 views

EUVD-2025-206759

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVSS 4.6 | AI score 5.3 | EPSS 0.00178
Exploits: 0 | References: 1

CVE
added 2026/02/03 1:28 a.m., 9 views

CVE-2025-12774

The CVE-2025-12774 issue affects Brocade SANnav prior to version 3.0, caused by a vulnerability in the migration script. The flaw can enable collection of database SQL queries from the SANnav support save file, allowing an attacker who has access to that file to open it and extract sensitive info...

CVSS 7.5 | AI score 5.3 | EPSS 0.00178
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/02/03 12:0 a.m., 3 views

Brocade SANnav security vulnerability

Brocade SANnav is a storage area network management software developed by the American company Brocade. Prior to version 3.0 of Brocade SANnav, there were security vulnerabilities. These vulnerabilities stemmed from issues with migration scripts, which could lead to SQL queries from the database...

CVSS 7.5 | AI score 5.9 | EPSS 0.00178
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/03 12:0 a.m., 7 views

PT-2026-5755

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVSS 4.6 | AI score 5.3 | EPSS 0.00178
Exploits: 0 | References: 2