1384 matches found
EUVD-2025-24060
Malicious code in bioql PyPI...
EUVD-2025-26191
Malicious code in bioql PyPI...
EUVD-2023-34939
Malicious code in bioql PyPI...
EUVD-2024-1009
Malicious code in bioql PyPI...
EUVD-2025-25730
Malicious code in bioql PyPI...
EUVD-2025-28511
Malicious code in bioql PyPI...
EUVD-2025-30400
Malicious code in bioql PyPI...
EUVD-2025-31158
Malicious code in bioql PyPI...
EUVD-2022-41575
Malicious code in bioql PyPI...
EUVD-2025-18659
Malicious code in bioql PyPI...
CVE-2024-56804 Video Station
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later...
CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-10726
CVE-2025-10726 (WPRecovery) affects WordPress WPRecovery plugin up to version 2.0. It describes an unauthenticated SQL Injection via data[id] that can cause leakage of sensitive data and, via the query result being passed to unlink(), arbitrary file deletion on the server. The Wordfence report co...
CVE-2025-59742
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'USRMAIL' parameter in'/inc/login/TRACKREQUESTFRMSQL.ASP'...
CVE-2025-8122 Blind SQL Injection in PAD CMS
Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability...
CVE-2025-11089 kidaze CourseSelectionSystem COUNT3s4.php sql injection
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the...
CVE-2025-59816
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...
CVE-2025-60109
CVE-2025-60109 affects the LambertGroup AllInOne Content Slider WordPress plugin. The issue is an improper neutralization of user input in an SQL query, enabling Blind SQL Injection. Impact is high for confidentiality (C:H) and low to moderate for availability, with CVSS v3.1 base score 8.5. Affe...
CVE-2025-10036
The FIFU (Featured Image from URL) WordPress plugin is affected by an authenticated SQL Injection vulnerability in get_all_urls() for versions up to and including 5.2.7. An Administrator+ attacker can inject additional SQL into existing queries to exfiltrate data. Patch information from connected...