
2400 matches found

RedhatCVE
added 2025/09/07 4:33 p.m. | 11 views

CVE-2025-58628

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection. This issue affects Miraculous: from n/a through 2.0.9...

CVSS 9.3 | AI score 5.9 | EPSS 0.00288
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/06 3:25 p.m. | 11 views

CVE-2025-25048

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory...

CVSS 6.5 | AI score 6.8 | EPSS 0.00306
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/05 12:0 a.m. | 4 views

PT-2025-36111

Name of the Vulnerable Software and Affected Versions: TkEasyGUI versions prior to 1.0.22 Description: An OS Command Injection issue exists in TkEasyGUI. If exploited, an unauthenticated remote attacker may execute arbitrary OS commands if the settings are configured to construct messages from...

CVSS 9.8 | AI score 7.6 | EPSS 0.02716
Exploits: 0 | References: 13
CNNVD
added 2025/09/05 12:0 a.m. | 2 views

WordPress plugin Miraculous SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

CVSS 9.3 | AI score 7.7 | EPSS 0.00288
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/05 12:0 a.m. | 6 views

PT-2025-36129

Name of the Vulnerable Software and Affected Versions: WP Full Stripe Free versions through 8.3.0 Description: WP Full Stripe Free is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. Recommendations: Update WP Full Stripe Free to a versio...

CVSS 7.6 | AI score 7.3 | EPSS 0.00331
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/05 12:0 a.m. | 4 views

PT-2025-36251

Name of the Vulnerable Software and Affected Versions: Miraculous versions prior to 2.0.9 Description: The Miraculous software contains a SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for blind SQL injection. Recommendations: Update...

CVSS 9.3 | AI score 7.3 | EPSS 0.00288
Exploits: 0 | References: 6
NVD
added 2025/09/04 3:15 p.m. | 5 views

CVE-2025-25048

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory...

CVSS 6.5 | EPSS 0.00306
Exploits: 0 | References: 1
Veracode
added 2025/09/04 9:53 a.m. | 4 views

Improper Neutralization

Active Record is vulnerable to Improper Neutralization. The vulnerability is due to unescaped ANSI sequences being logged when IDs are passed to find or similar methods...

CVSS 6.9 | AI score 6.6 | EPSS 0.00527
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2025/09/03 3:15 p.m. | 15 views

CVE-2025-58604

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection. This issue affects Mail Mint: from n/a through = 1.18.5...

CVSS 7.6 | EPSS 0.00331
Exploits: 0 | References: 1
Cvelist
added 2025/08/26 10:17 p.m. | 7 views

CVE-2025-35113 Agiloft improper neutralization in EUI template engine

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31...

CVSS 5.9 | EPSS 0.00405
Exploits: 0 | References: 3
RedhatCVE
added 2025/08/24 7:26 p.m. | 5 views

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVSS 7.2 | AI score 7.8 | EPSS 0.00381
Exploits: 0 | References: 1
NVD
added 2025/08/22 7:15 p.m. | 5 views

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVSS 7.2 | EPSS 0.00381
Exploits: 0 | References: 2
Cvelist
added 2025/08/22 6:50 p.m. | 6 views

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVSS 7.2 | EPSS 0.00381
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/22 6:50 p.m. | 4 views

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVSS 7.2 | AI score 7 | EPSS 0.00381
Exploits: 0 | References: 2
CVE
added 2025/08/22 6:50 p.m. | 16 views

CVE-2025-4650

Centreon Web SQL Injection (CVE-2025-4650) affects Centreon Web via the Meta Service indicator page. The root cause is improper neutralization of special elements in an SQL command, enabling a high-privilege attacker to perform a SQLi without user interaction. Affected versions include web 23.10....

CVSS 7.2 | AI score 7.1 | EPSS 0.00381
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/08/22 8:30 a.m. | 3 views

CVE-2025-53195

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS. This issue affects JetEngine: from n/a through = 3.7.0...

CVSS 6.5 | AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/20 8:2 a.m. | 4 views

CVE-2025-54726 WordPress JS Archive List Plugin < 6.1.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a...

CVSS 9.3 | AI score 7.9 | EPSS 0.01425
Exploits: 2 | References: 1
Positive Technologies
added 2025/08/20 12:0 a.m. | 6 views

PT-2025-33965 · WordPress · Crocoblock Jetengine

Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions through 3.7.0 Description: Improper neutralization of special elements used in a template engine in Crocoblock JetEngine allows code injection. Recommendations: Update Crocoblock JetEngine to a version later than...

CVSS 8.5 | AI score 6.5 | EPSS 0.00347
Exploits: 0 | References: 4
Positive Technologies
added 2025/08/20 12:0 a.m. | 10 views

PT-2025-34022

Name of the Vulnerable Software and Affected Versions: JS Archive List affected versions not specified Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command vulnerability, which allows for SQL Injection. Recommendations: At the moment, there is n...

CVSS 9.3 | AI score 5.6 | EPSS 0.01425
Exploits: 2 | References: 7
CNVD
added 2025/08/20 12:0 a.m. | 2 views

Intel Tiber Edge Platform Edge Orchestrator Information Disclosure Vulnerability

Intel Tiber Edge Platform Edge Orchestrator is an edge computing platform from Intel designed to simplify the edge application development and deployment process by supporting modular tools to build and run edge applications. Intel Tiber Edge Platform Edge Orchestrator suffers from an information...

CVSS 6.9 | AI score 6.3 | EPSS 0.0019
Exploits: 0 | References: 1