Lucene search

1148 matches found

RedhatCVE
added 2025/11/11 5:42 a.m., 6 views

CVE-2025-12933

A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and...

CVSS 9.8, AI score 6.5, EPSS 0.00282
Exploits 1, References 1

Positive Technologies
added 2025/11/10 12:00 a.m., 11 views

PT-2025-45592

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives add.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may ...

CVSS 5.8, AI score 7, EPSS 0.00262
Exploits 0, References 5

EUVD
added 2025/11/07 2:02 p.m., 4 views

EUVD-2025-38256

A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

CVSS 5.8, AI score 6.5, EPSS 0.00333
Exploits 1, References 7

EUVD
added 2025/11/07 1:08 p.m., 2 views

EUVD-2025-38250

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE-564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...

CVSS 8.8, AI score 7.2, EPSS 0.00263
Exploits 0, References 2

Positive Technologies
added 2025/11/07 12:00 a.m., 4 views

PT-2025-45476

Name of the Vulnerable Software and Affected Versions: Campcodes School File Management version 1.0. Description: A security flaw exists in Campcodes School File Management 1.0. The issue is related to SQL injection, which can be triggered by manipulating the user id argument in the /admin/update...

CVSS 5.8, AI score 7, EPSS 0.00293
Exploits 1, References 7

CNNVD
added 2025/11/06 12:00 a.m., 3 views

DataEase Code Issue Vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase 2.10.14 and prior versions that...

CVSS 9.8, AI score 7.1, EPSS 0.00497
Exploits 1, References 4

OSV
added 2025/11/05 7:16 p.m., 3 views

CVE-2025-55343

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txtdepecodi, busqueda/busqueda.php txtusuacodi, anexoslista.php raditemp, Administracion/listas/formAreaajax.php codDepe, Administracion/listas/formDepeHijoajax.php codDepe,...

CVSS 9.9, AI score 5.8, EPSS 0.00456
Exploits 0, References 2

CNNVD
added 2025/11/03 12:00 a.m., 4 views

Geutebruck G-Cam E-Series Security Vulnerability

Geutebruck G-Cam E-Series is a series of webcams from Geutebruck Japan. A security vulnerability exists in Geutebruck G-Cam E-Series version 1.12.0.19, which stems from insufficient validation of Group parameters and could lead to an SQL injection attack...

CVSS 9.8, AI score 7.6, EPSS 0.00489
Exploits 0, References 2

CNVD
added 2025/10/31 12:00 a.m., 2 views

Nero Social Networking Site friendprofile.php File SQL Injection Vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendprofile.php. An attacker can exploit this...

CVSS 9.8, AI score 7.8, EPSS 0.00431
Exploits 1, References 1

CNNVD
added 2025/10/30 12:00 a.m., 4 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI CCM versions prior to 3.0.7 and Nagios XI version 5.7.4, which...

CVSS 8.8, AI score 7.6, EPSS 0.00762
Exploits 0, References 2

CNNVD
added 2025/10/29 12:00 a.m., 2 views

Code-Projects Online Complaint Site Security Vulnerability

Code-Projects Online Complaint Site is an online complaint site for Code-Projects. A security vulnerability exists in Code-Projects Online Complaint Site version 1.0, which stems from incorrect manipulation of the parameter category in the file /cms/admin/subcategory.php, which could lead to a SQ...

CVSS 9.8, AI score 7.4, EPSS 0.00295
Exploits 1, References 2

CNNVD
added 2025/10/27 12:00 a.m., 4 views

Food Ordering System SQL Injection Vulnerability

Food Ordering System is a food ordering system by Siddhesh Personal Developer. A SQL injection vulnerability exists in Food Ordering System version 1.0, which stems from an incorrect manipulation of the parameter itemPrice in the file /admin/menu.php, which could lead to a SQL injection attack...

CVSS 9.8, AI score 5.6, EPSS 0.00376
Exploits 1, References 6

RedhatCVE
added 2025/10/23 3:14 p.m., 2 views

CVE-2025-49378

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection. This issue affects Hydra Booking: from n/a through = 1.1.10...

CVSS 8.5, AI score 7.7, EPSS 0.00397
Exploits 0, References 1

OSV
added 2025/10/22 3:31 p.m., 4 views

GHSA-8MF9-RMGW-33QC Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...

CVSS 5.4, AI score 7, EPSS 0.00252
Exploits 2, References 4

CNNVD
added 2025/10/22 12:00 a.m., 3 views

WordPress plugin Hydra Booking Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.5, AI score 7.7, EPSS 0.00397
Exploits 0, References 1

CNNVD
added 2025/10/20 12:00 a.m., 2 views

MediaWiki - WatchAnalytics extension Security Vulnerability

MediaWiki - WatchAnalytics extension is an open source user tracking and analytics extension for MediaWiki. A security vulnerability exists in MediaWiki - WatchAnalytics extension versions 1.43 and 1.44, which stems from improper neutralization of special elements and could lead to an SQL injecti...

CVSS 7.5, AI score 7.5, EPSS 0.00217
Exploits 0, References 2

EUVD
added 2025/10/17 9:31 p.m., 3 views

EUVD-2025-34908

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

CVSS 6.5, AI score 6.3, EPSS 0.0045
Exploits 1, References 5

CNNVD
added 2025/10/15 12:00 a.m., 3 views

WordPress plugin TARIFFUXX SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...

CVSS 6.5, AI score 8.2, EPSS 0.0028
Exploits 0, References 4

Positive Technologies
added 2025/10/14 12:00 a.m., 2 views

PT-2025-42104

Name of the Vulnerable Software and Affected Versions: Microsoft Configuration Manager, affected versions not specified. Description: An issue exists in Microsoft Configuration Manager where improper neutralization of special elements in SQL commands allows an attacker to inject malicious SQL code...

CVSS 8.8, AI score 8.4, EPSS 0.00336
Exploits 0, References 7

CVE
added 2025/10/13 9:11 p.m., 12 views

CVE-2025-62389

CVE-2025-62389 is a SQL injection vulnerability in Ivanti Endpoint Manager. The vulnerability allows a remote authenticated attacker to read arbitrary data from the database. Multiple connected advisories confirm this family of SQL injection issues affects Ivanti Endpoint Manager and note a remed...

CVSS 6.5, AI score 6, EPSS 0.01583
Exploits 0, References 1, Affected Software 1