1300 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28739

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00204
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-15821

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.3 | EPSS 0.00201
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-41575

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00219
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-26578

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00073
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-30400

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00042
Exploits: 1 | References: 6

Vulnrichment
added 2025/10/03 6:8 p.m. | 1 views

CVE-2024-56804 Video Station

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later...

CVSS 5.3 | AI score 8 | EPSS 0.001
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/03 11:17 a.m. | 3 views

CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection

The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 7.5 | AI score 6.3 | EPSS 0.001
Exploits: 0 | References: 2

Cvelist
added 2025/10/03 11:17 a.m. | 7 views

CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection

The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 7.5 | EPSS 0.001
Exploits: 0 | References: 2

CVE
added 2025/10/03 11:17 a.m. | 9 views

CVE-2025-10726

CVE-2025-10726 (WPRecovery) affects WordPress WPRecovery plugin up to version 2.0. It describes an unauthenticated SQL Injection via data[id] that can cause leakage of sensitive data and, via the query result being passed to unlink(), arbitrary file deletion on the server. The Wordfence report co...

CVSS 9.1 | AI score 6.8 | EPSS 0.00203
Exploits: 0 | References: 5

NVD
added 2025/10/02 3:15 p.m. | 2 views

CVE-2025-59742

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'USRMAIL' parameter in '/inc/login/TRACKREQUESTFRMSQL.ASP'...

CVSS 9.8 | EPSS 0.00038
Exploits: 0 | References: 1

Cvelist
added 2025/09/30 10:5 a.m. | 3 views

CVE-2025-8122 Blind SQL Injection in PAD CMS

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the producer will not publish patches for this vulnerability...

CVSS 8.7 | EPSS 0.00038
Exploits: 0 | References: 1

Cvelist
added 2025/09/28 12:2 a.m. | 7 views

CVE-2025-11089 kidaze CourseSelectionSystem COUNT3s4.php sql injection

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the...

CVSS 7.5 | EPSS 0.0005
Exploits: 1 | References: 4

RedhatCVE
added 2025/09/26 7:48 p.m. | 7 views

CVE-2025-59816

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...

CVSS 7.3 | AI score 6.7 | EPSS 0.0003
Exploits: 0 | References: 1

CVE
added 2025/09/26 8:31 a.m. | 7 views

CVE-2025-60109

CVE-2025-60109 affects the LambertGroup AllInOne Content Slider WordPress plugin. The issue is an improper neutralization of user input in an SQL query, enabling Blind SQL Injection. Impact is high for confidentiality (C:H) and low to moderate for availability, with CVSS v3.1 base score 8.5. Affe...

CVSS 8.5 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 1

CVE
added 2025/09/26 4:25 a.m. | 13 views

CVE-2025-10036

The FIFU (Featured Image from URL) WordPress plugin is affected by an authenticated SQL Injection vulnerability in get_all_urls() for versions up to and including 5.2.7. An Administrator+ attacker can inject additional SQL into existing queries to exfiltrate data. Patch information from connected...

CVSS 4.9 | AI score 6.2 | EPSS 0.00029
Exploits: 0 | References: 3

NVD
added 2025/09/25 8:15 p.m. | 4 views

CVE-2025-59816

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...

CVSS 7.3 | EPSS 0.0003
Exploits: 0 | References: 2

CNNVD
added 2025/09/25 12:0 a.m. | 1 views

Zenitel ICX500 and Zenitel ICX510 Security Vulnerability

Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that stems from an attacker's ability to directly query the underlying database, which could result in the retrieval of all...

CVSS 7.3 | AI score 6.5 | EPSS 0.0003
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/25 12:0 a.m. | 2 views

PT-2025-39446

Name of the Vulnerable Software and Affected Versions: Billing Admin (affected versions not specified). Description: This issue enables attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords...

CVSS 7.3 | AI score 6.3 | EPSS 0.0003
Exploits: 0 | References: 6

CNVD
added 2025/09/25 12:0 a.m. | 2 views

E-Commerce Website Website /pages/admin_account_delete.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the file /pages/admin_account_delete.php for externally entered SQL statements. An attacker can exploit this vulnerabilit...

CVSS 9.8 | AI score 8.2 | EPSS 0.00049
Exploits: 1 | References: 1

CNVD
added 2025/09/23 12:0 a.m. | 3 views

Online Course Registration my-profile.php File SQL Injection Vulnerability

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cgpa in the file /my-profile.php. An attacker can exploit thi...

CVSS 9.8 | AI score 7.9 | EPSS 0.00062
Exploits: 1 | References: 1