
148 matches found

NVD
added 2026/04/06 3:17 p.m., 2 views

CVE-2026-32602

Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint /api/trpc/user.register is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three sequential database operation...

CVSS 4.2 | EPSS 0.00034 | Exploits 0 | References 1
RedhatCVE
added 2026/03/26 3:5 p.m., 2 views

CVE-2025-41007

SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint...

CVSS 9.3 | AI score 5.9 | EPSS 0.00045 | Exploits 0 | References 1
EUVD
added 2026/03/20 10:31 a.m., 2 views

EUVD-2026-13676

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVSS 8.6 | AI score 6.1 | EPSS 0.00099 | Exploits 1 | References 3
Cvelist
added 2026/03/20 10:31 a.m., 18 views

CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVSS 8.6 | EPSS 0.00099 | Exploits 1 | References 3
Positive Technologies
added 2026/03/20 12:0 a.m., 1 view

PT-2026-26604

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVSS 8.6 | AI score 6.1 | EPSS 0.00099 | Exploits 1 | References 7
EUVD
added 2026/03/09 12:31 p.m., 1 view

EUVD-2025-208399

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVSS 8.7 | AI score 5.7 | EPSS 0.00017 | Exploits 0 | References 2
OSV
added 2026/02/20 11:16 p.m., 1 view

CVE-2019-25451

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

CVSS 8.8 | AI score 5.7 | Exploits 0 | References 3
Cvelist
added 2026/02/20 10:57 p.m., 20 views

CVE-2019-25451 phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

CVSS 8.8 | EPSS 0.00056 | Exploits 1 | References 3
ATTACKERKB
added 2026/01/26 7:36 p.m., 4 views

CVE-2025-14969

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by...

CVSS 4.3 | AI score 5.8 | EPSS 0.00026 | Exploits 0 | References 4
Tenable Nessus
added 2026/01/14 12:0 a.m., 7 views

Security Updates for Microsoft SQL Server (January 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability (CVE-2026-20803). An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...

CVSS 7.2 | AI score 5.9 | EPSS 0.00087 | Exploits 0 | References 2
RedhatCVE
added 2026/01/09 12:40 p.m., 4 views

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations...

CVSS 8.8 | AI score 7.8 | EPSS 0.00441 | Exploits 0 | References 1
RedhatCVE
added 2025/12/10 2:22 p.m., 1 view

CVE-2025-12807

A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...

CVSS 8.7 | AI score 6.7 | EPSS 0.00054 | Exploits 0 | References 1
EUVD
added 2025/12/09 6:30 p.m., 1 view

EUVD-2025-202153

A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...

CVSS 8.7 | AI score 6.2 | EPSS 0.00054 | Exploits 0 | References 2
NVD
added 2025/12/09 4:17 p.m., 2 views

CVE-2025-12807

A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...

CVSS 8.7 | EPSS 0.00054 | Exploits 0 | References 1
Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-49867

CVE-2025-12807 A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints. https://t.co/lEhiHUNcHf...

CVSS 8.7 | AI score 6.7 | EPSS 0.00054 | Exploits 0 | References 3
Cvelist
added 2025/12/02 1:13 p.m., 3 views

CVE-2025-41013 SQL injection vulnerability in TCMAN GIM

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...

CVSS 8.7 | EPSS 0.00035 | Exploits 0 | References 1
Snyk
added 2025/11/07 12:24 p.m., 1 view

Malicious Package

Overview: MyDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...

CVSS 9.8 | AI score 7.2 | Exploits 0 | References 2
RedhatCVE
added 2025/10/19 6:43 a.m., 3 views

CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to __return_true. This makes it...

CVSS 6.5 | AI score 5.6 | EPSS 0.00218 | Exploits 0 | References 1
EUVD
added 2025/10/18 9:30 a.m., 1 view

EUVD-2025-34972

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to __return_true. This makes it...

CVSS 6.5 | AI score 5.1 | EPSS 0.00218 | Exploits 0 | References 8
OSV
added 2025/10/18 7:15 a.m., 2 views

CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to __return_true. This makes it...

CVSS 6.5 | AI score 5.6 | Exploits 0 | References 7