CVE-2025-53306 WordPress WP Forum Server plugin <= 1.8.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in lucidcrew WP Forum Server allows SQL Injection. This issue affects WP Forum Server: from n/a through 1.8.2...
CVE-2025-39474
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThemeMove Amely amely allows SQL Injection. This issue affects Amely: from n/a through <= 3.1.4...
CVE-2025-52722 WordPress Classiera theme <= 4.0.34 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoinWebs Classiera classiera allows SQL Injection. This issue affects Classiera: from n/a through <= 4.0.34...
CVE-2025-52834
CVE-2025-52834 corresponds to an SQL Injection in the WordPress theme/favethemes Homey. The initial record confirms the vulnerability affects Homey versions n/a through 2.4.5 and classifies the flaw as an SQL injection due to improper neutralization of elements in SQL commands (high impact on con...
Eron Wowwo CRM SQL Injection Vulnerability
Eron Wowwo CRM is a customer relationship management software from Eron Turkey. Eron Wowwo CRM suffers from a SQL injection vulnerability that stems from improper neutralization of special elements in SQL commands, which could lead to blind SQL injection...
OpenNMS Horizon Security Vulnerability
OpenNMS Horizon is an open source solution from OpenNMS, Inc. that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon that stems from improper neutralization of special elements in SQL commands, which could lead to SQL...
CVE-2025-6518
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
CVE-2025-52821
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection. This issue affects Video List Manager: from n/a through <= 1.7...
CVE-2025-30562
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection. This issue affects Navigation Tree Elementor: from n/a through <= 1.0.1...
CVE-2025-39508
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Nasa Core nasa-core allows Reflected XSS. This issue affects Nasa Core: from n/a through <= 6.4.4...
Yirmibes Software MY ERP SQL Injection Vulnerability
Yirmibes Software MY ERP is a business management software from Yirmibes Software, Turkey. A SQL injection vulnerability exists in Yirmibes Software MY ERP versions prior to 1.170, which stems from improper neutralization of special elements in SQL commands, and may lead to SQL injection attacks...
CVE-2025-48145 WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao wp-tao allows Reflected XSS. This issue affects Track, Analyze & Optimize by WP Tao: from n/a through <= 1.3...
WordPress plugin Arconix Shortcodes Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Arconix Shortcodes plugin that originates from an improper neutralization and can be exploited by an attacker to...
WordPress plugin Rankie SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
WordPress plugin WPAdverts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-6101
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function functionmessage of the file letta/letta/interface.py. The manipulation of the argument functionname/functionargs leads to improper neutralization of directives in dynamically evaluated...
PT-2025-25512 · Letta-Ai · Letta-Ai
Name of the Vulnerable Software and Affected Versions: letta-ai letta versions up to 0.4.1 Description: A critical issue has been found in the function function message of the file letta/letta/interface.py. The manipulation of the argument function name/function args leads to improper...
Palo Alto GlobalProtect App MacOS 6.x < 6.2.8-h2 / 6.3.x < 6.3.3 Privilege Escalation (CVE-2025-4232)
The version of Palo Alto GlobalProtect App installed on the remote macOS host is 6.x prior to 6.2.8-h2 or 6.3.x prior to 6.3.3. It is, therefore, affected by a privilege escalation vulnerability: - An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...