723 matches found
CVE-2025-40886
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...
CVE-2025-40887
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...
CVE-2025-40885
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...
EUVD-2025-32873
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...
CVE-2025-0603 SQLi in Callvision Healthcare's Callvision Emergency Code
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0...
code-projects Simple Food Ordering System Security Vulnerability
Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability caused by missing validation of externally supplied SQL statements in the Category parameter of the file /product.php. An attacker can exploit thi...
EUVD-2025-25393
Malicious code in bioql PyPI...
EUVD-2025-30400
Malicious code in bioql PyPI...
EUVD-2025-24060
Malicious code in bioql PyPI...
EUVD-2025-26191
Malicious code in bioql PyPI...
EUVD-2025-28511
Malicious code in bioql PyPI...
EUVD-2025-28739
Malicious code in bioql PyPI...
EUVD-2025-25697
Malicious code in bioql PyPI...
EUVD-2025-25730
Malicious code in bioql PyPI...
EUVD-2025-26578
Malicious code in bioql PyPI...
EUVD-2025-27803
Malicious code in bioql PyPI...
CVE-2024-56804 Video Station
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later...
CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-10726
CVE-2025-10726 (WPRecovery) affects WordPress WPRecovery plugin up to version 2.0. It describes an unauthenticated SQL Injection via data[id] that can cause leakage of sensitive data and, via the query result being passed to unlink(), arbitrary file deletion on the server. The Wordfence report co...