QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

Microsoft GitHub Copilot and Visual Studio 注入漏洞

Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There are injection vulnerabilities in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit these vulnerabilities to bypass certain features...

CVE-2019-25675

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

PT-2026-30486

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users select.php endpoint with crafted...

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.6.0, 0.8.12, and 0.9.9 contain security vulnerabilities. These vulnerabilities stem from allowing attackers to insert controlled strings into CDATASection nodes, potentially leading to...

EUVD-2026-15021

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

CVE-2026-3912

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CKAN MCP Server 代码问题漏洞

CKAN MCP Server is an open-source tool developed by onData, designed for natural language queries between AI assistants and open data platforms. Versions of CKAN MCP Server prior to 0.4.85 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of the baseurl...

itsourcecode Online Frozen Foods Ordering System SQL注入漏洞

itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which arises from incorrect handling of the parameter productname in the file admin/admin/editmenu.php,...

EUVD-2019-19774

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...

CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

NVIDIA Cumulus Linux和NVIDIA NVOS 命令注入漏洞

NVIDIA Cumulus Linux and NVIDIA NVOS are both products of NVIDIA Corporation, a US-based company. NVIDIA Cumulus Linux is a powerful open-source network operating system. NVIDIA NVOS is also an operating system. Both NVIDIA Cumulus Linux and NVIDIA NVOS have command injection vulnerabilities, whi...

SAP NetWeaver和SAP ABAP Platform 注入漏洞

SAP NetWeaver and SAP ABAP Platform are both products of the German company SAP. SAP NetWeaver is a service-oriented integrated application platform. This platform primarily provides development and runtime environments for SAP applications. SAP ABAP Platform is an SAP solution based on ABAP. Bot...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in SAP S/4HANA Private Cloud and On-Premise, SAP Wily Introscope Enterprise Manager, SAP Landscape Transformation, SAP HANA, SAP Application Server for ABAP, SAP NetWeaver, SAP ECC, SAP Fiori App for Intercompany Balance Reconciliation, SAP NetWeaver Application Serv...

CVE-2014-4944

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 categoryid or 2 pdfid parameter to wp-admin/admin.php...

CVE-2005-1734

Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors...

CVE-2005-1972

Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via 1 the username, which is not properly handled by the insertUser function, or 2 the bbsessionid value in a cookie...