22 matches found
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose (versions before V22.02) uses a common SQL Server user account for database access, while the client app performs password authentication but the underlying DB connection maintains access. The latest release adds Windows authentication to the database, which would restrict the connec...
EUVD-2015-1739
Malware in sbrugna...
PT-2025-24511 · Woocommerce · Holest Engineering Spreadsheet Price Changer
Name of the Vulnerable Software and Affected Versions: Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light versions n/a through 2.4.37 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in ...
PT-2025-24484 · WordPress · Wp Lead Capturing Pages
Name of the Vulnerable Software and Affected Versions: kamleshyadav WP Lead Capturing Pages versions prior to 2.3 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL...
PT-2025-21985 · Unknown · Automatorwp
Name of the Vulnerable Software and Affected Versions: AutomatorWP versions through 5.2.1.3 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can be...
PT-2025-17189 · Metagauss · Metagauss Profilegrid
Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions n/a through 5.9.4.8 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to execute malicious SQL...
PT-2025-15381
Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue allows unauthenticated attackers to perform SQL Injection via the coating text parameter due to insufficient escaping of user-supplied input and...
PT-2025-14064 · Joomsky · Joomsky Js Help Desk
Name of the Vulnerable Software and Affected Versions: JoomSky JS Help Desk versions 2.9.2 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows unauthorized SQL commands to be execute...
PT-2025-13060 · Wpguppy · Wpguppy
Name of the Vulnerable Software and Affected Versions: WPGuppy versions 1.1.3 and earlier Description: The issue is related to an SQL Injection vulnerability, which allows attackers to exploit the system. This is due to the improper neutralization of special elements used in an SQL command...
PT-2025-2914 · Unknown · Fancy Product Designer
Name of the Vulnerable Software and Affected Versions: Fancy Product Designer versions n/a through 6.4.3 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as a SQL Injection vulnerability. This vulnerability can allow an attacke...
PT-2024-35203 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.2.1 Description: The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. This...
PT-2024-4324 · Fortra · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst Workflow versions 5.1.6 Build 135 and earlier Description: The issue is related to a SQL injection vulnerability that allows an attacker to modify application data. This can likely result in the creation of administrative...
PT-2024-8596 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update; Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update Description: The issue is related to a lack of protection against SQL query structure...
PT-2024-3155 · WordPress · Forminator
Name of the Vulnerable Software and Affected Versions: Forminator versions prior to 1.29.3 Description: The issue is related to a SQL injection vulnerability due to a lack of protection measures for the SQL query structure. This vulnerability can be exploited by a remote attacker to modify...
PT-2023-31688 · WordPress · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder for WordPress versions through 2.14.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitati...
PT-2023-30164
Name of the Vulnerable Software and Affected Versions: Innosa Probbys versions prior to 2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For version...
PT-2023-22340
Name of the Vulnerable Software and Affected Versions: Oliva Expertise EKS versions prior to 1.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
PT-2023-18545 · Unknown +1 · Mysql Server +2
Name of the Vulnerable Software and Affected Versions: a12nserver versions prior to 0.23.0 Description: The issue affects users of a12nserver who use MySQL, making them potentially vulnerable to SQL injection bugs. This could allow an attacker to obtain OAuth2 Access Tokens for unrelated users. T...