1148 matches found
EUVD-2023-35912
Malicious code in bioql PyPI...
EUVD-2023-2536
Malicious code in bioql PyPI...
EUVD-2023-32434
Malicious code in bioql PyPI...
EUVD-2023-27651
Malicious code in bioql PyPI...
EUVD-2021-30901
Malicious code in bioql PyPI...
EUVD-2022-4074
Malicious code in bioql PyPI...
MyClub Security Vulnerability
MyClub is a club management software for jibux individual developers. A security vulnerability exists in MyClub version 0.5, which stems from insufficient cleanup of query parameter inputs and could lead to an SQL injection attack...
PT-2025-39989
Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The import coa function located at erpnext/accounts/doctype/chart of accounts importer/chart of accounts importer.py is susceptible to SQL injection. An attacker can inject a SQL query through the...
CVE-2025-11105
A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...
CVE-2025-11052
A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-57317
apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial ...
CVE-2025-10833
A vulnerability was determined in 1000projects Bookstore Management System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument unm causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed a...
CampCodes Online Beauty Parlor Management System SQL Injection Vulnerability
CampCodes Online Beauty Parlor Management System is an online beauty parlor management system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Online Beauty Parlor Management System version 1.0, which stems from an incorrect manipulation of the parameter viewid in the...
org.keycloak/keycloak-model-storage-service: Variable injection into environment variables
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...
PT-2025-38686
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0 Description: A weakness exists in Campcodes Online Learning Management System that may allow for remote SQL injection. The issue is related to the manipulation of the subject code argume...
PT-2025-38693
Name of the Vulnerable Software and Affected Versions Campcodes Grocery Sales and Inventory System version 1.0 Description A flaw exists in Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is due to SQL injection within unknown code in the file /ajax.php?action=delete user...
PT-2025-38695
Name of the Vulnerable Software and Affected Versions SourceCodester Online Hotel Reservation System version 1.0 Description A flaw exists in SourceCodester Online Hotel Reservation System version 1.0 where manipulation of the ID argument within an unknown function of the deleteroominventory.php...
Pet-grooming-management-view_payorder.php-v.1.0-sql-injection
Pet-grooming-management...
PT-2025-37984
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5 Description: Frappe ERPNext version 15.57.5 contains a SQL injection issue in the get stock balance function located at erpnext/stock/utils.py. An attacker can inject a SQL query into the inventory dimensions di...
CVE-2025-10436 Campcodes Computer Sales and Inventory System sup_searchfrm.php sql injection
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. The impacted element is an unknown function of the file /pages/supsearchfrm.php?action=edit. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit...