CVE-2025-60239 WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through = 1.4.3...

Exploit for OS Command Injection in Nestjs Devtools-Integration

PoC exploit for CVE-2025-54782, a vulnerability in an unspecifie...

PT-2025-45042

Name of the Vulnerable Software and Affected Versions GLPI Inventory Plugin versions 1.5.0 and below Description The GLPI Inventory Plugin, which manages network discovery, inventory, software deployment, and data collection for GLPI agents, contains a SQL Injection issue. The plugin is vulnerabl...

cafeorder_vuln_SQL

cafeordervulnSQL Proof-of-Concept and Advisory for Simple Ca...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from user-supplied search...

PT-2025-44207

Name of the Vulnerable Software and Affected Versions Taiga versions prior to 6.9.0 Description Taiga, an open source project management platform, has an issue in its API. Versions 6.8.3 and earlier are susceptible to time-based blind SQL injection, potentially leading to the disclosure of...

CVE-2025-11893

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24269)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

EUVD-2025-34101

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-62389

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-62383

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-62391

Ivanti Endpoint Manager (EPM) has a SQL injection vulnerability CVE-2025-62391 that enables a remote authenticated attacker to read arbitrary data from the EPM database. Connected sources confirm the issue as SQL injection affecting Ivanti EPM, with remediation in Ivanti’s advisories: fixes for r...

Ivanti Endpoint Manager（EPM） SQL注入漏洞

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVE-2025-11608

CVE-2025-11608 | code-projects E-Banking System 1.0 has a SQL injection in the POST Parameter Handler, originating from /register.php (parameters: username, password). Multiple sources confirm remote exploitation with a publicly disclosed exploit. Affected component: /register.php; vulnerability ...

CVE-2025-11599

A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

CVE-2025-10175 WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection

The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...

Social Network Website SQL注入漏洞

Social Network Website is a simple social networking website by Pynch Personal Developers. Social Network Website suffers from a SQL injection vulnerability that stems from incorrect manipulation of an unknown function in the component Search, which could lead to an SQL injection attack...

EUVD-2025-33579

A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument Shippername can lead to sql injection. The attack can be launched remotely. The exploit ha...

CVE-2025-11555

CVE-2025-11555 concerns Campcodes Online Learning Management System v1.0. Multiple connected sources confirm a SQL injection in the /admin/calendar_of_events.php script caused by unsafely manipulating the date_start parameter. The vulnerability is exploitable remotely and exploit code is publicly...