Lucene search

1148 matches found

NVD
added 2025/09/15 6:15 a.m., 3 views

CVE-2025-10429

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproduct.php. The manipulation of the argument dropservices results in sql injection. The attack can be launched remotely. The...

CVSS 8.8, EPSS 0.00351
Exploits: 1, References: 5
Vulnrichment
added 2025/09/15 12:0 a.m., 1 view

CVE-2025-59397

Open Web Analytics OWA before 1.8.1 allows owadb.php vvalue SQL injection...

CVSS 5, AI score 7, EPSS 0.00385
Exploits: 0, References: 6
GithubExploit
added 2025/09/14 3:43 p.m., 164 views

sql-injection-vulnerability

During the security review of "Pet grooming management", discove...

AI score 8
Exploits: 0
CNNVD
added 2025/09/12 12:0 a.m., 3 views

Rakuten Viber Desktop security vulnerability

Rakuten Viber Desktop is an instant messaging software from Viber Luxembourg. A security vulnerability exists in Rakuten Viber Desktop version 25.6.0, which stems from improper handling of text parameters in the message compose or forward interface, which could lead to an HTML injection attack...

CVSS 6.3, AI score 6.9, EPSS 0.00178
Exploits: 0, References: 2
Positive Technologies
added 2025/09/10 12:0 a.m., 4 views

PT-2025-37021

Name of the Vulnerable Software and Affected Versions: Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net versions prior to 1.117.6 Description: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for...

CVSS 6.5, AI score 6.7, EPSS 0.00287
Exploits: 0, References: 7
OSV
added 2025/09/08 2:13 p.m., 4 views

GO-2025-3916 simple-admin-core SQL Injection vulnerability in github.com/suyuan32/simple-admin-core

simple-admin-core SQL Injection vulnerability in github.com/suyuan32/simple-admin-core...

CVSS 7, AI score 7.9, EPSS 0.00248
Exploits: 1, References: 5
Positive Technologies
added 2025/09/08 12:0 a.m., 3 views

PT-2025-36499

Name of the Vulnerable Software and Affected Versions: code-projects Online Event Judging System version 1.0 Description: A weakness exists in code-projects Online Event Judging System 1.0. The issue impacts an unknown function of the file /home.php. Manipulation of the main event argument can le...

CVSS 9.8, AI score 7.4, EPSS 0.00441
Exploits: 1, References: 12
Cvelist
added 2025/09/06 12:30 a.m., 8 views

CVE-2025-58439 ERP: Possibility of SQL injection due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions...

CVSS 8.1, EPSS 0.00291
Exploits: 0, References: 3
RedHat Linux
added 2025/09/04 11:13 a.m., 4 views

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVSS 4.9, AI score 5.8, EPSS 0.00464
Exploits: 0, References: 4
RedHat Linux
added 2025/09/04 11:9 a.m., 5 views

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVSS 4.9, AI score 5.8, EPSS 0.00464
Exploits: 0, References: 4
NVD
added 2025/09/04 10:42 a.m., 9 views

CVE-2025-9933

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has be...

CVSS 9.8, EPSS 0.00409
Exploits: 1, References: 5
CNNVD
added 2025/09/02 12:0 a.m., 3 views

Tirreno security vulnerability

tirreno is a security analyzer from tirreno open source. A security vulnerability exists in Tirreno version v0.9.5, which stems from improper handling of the columns0data parameter and could lead to an SQL injection attack...

CVSS 6.5, AI score 7.5, EPSS 0.00332
Exploits: 1, References: 4
CNNVD
added 2025/09/02 12:0 a.m., 3 views

PHPGurukul Beauty Parlour Management System security vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...

CVSS 9.8, AI score 8.1, EPSS 0.00387
Exploits: 1, References: 7
Positive Technologies
added 2025/09/02 12:0 a.m., 6 views

PT-2025-35611

Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1 Description: A security flaw exists in PHPGurukul Beauty Parlour Management System 1.1. The issue is related to SQL injection within an unknown function of the...

CVSS 9.8, AI score 7.3, EPSS 0.00387
Exploits: 1, References: 9
CNNVD
added 2025/09/01 12:0 a.m., 2 views

expressCart security vulnerability

expressCart is a shopping cart software by Mark Moffat Individual Developer. A security vulnerability exists in expressCart that stems from an injection attack due to a misuse of the file /admin/product/edit/...

CVSS 4.8, AI score 4.4, EPSS 0.00246
Exploits: 0, References: 6
Positive Technologies
added 2025/08/31 12:0 a.m., 3 views

PT-2025-35432

Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0 Description: A weakness exists in Campcodes Online Learning Management System that affects the processing of the /login.php file. Manipulation of the Username argument can cause SQL...

CVSS 9.8, AI score 7.5, EPSS 0.00383
Exploits: 1, References: 12
Vulnrichment
added 2025/08/30 1:2 p.m., 2 views

CVE-2025-9689 SourceCodester Advanced School Management System item_select sql injection

A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/itemselect. The manipulation of the argument q results in sql injection. It is possible to launch the attack remotely. The exploit is now...

CVSS 6.5, AI score 6.9, EPSS 0.00306
Exploits: 1, References: 5
OSV
added 2025/08/30 5:15 a.m., 4 views

CVE-2025-9679

A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /courseedit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVSS 9.8, AI score 5.7, EPSS 0.00383
Exploits: 1, References: 5
CVE
added 2025/08/29 1:2 a.m., 17 views

CVE-2025-9601

The CVE-2025-9601 entry affects itsourcecode Apartment Management System 1.0. A SQL injection vulnerability exists in the file /setting/employee_salary_setup.php, triggered by the ddlEmpName parameter due to improper input handling. This could allow an attacker to remotely exploit and execute arb...

CVSS 9.8, AI score 7.4, EPSS 0.00387
Exploits: 1, References: 5, Affected Software: 1
CNNVD
added 2025/08/29 12:0 a.m., 3 views

Code-Projects Simple Grading System security vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /editaccount.php. An attacker can exploit this vulnerability to execute...

CVSS 8.8, AI score 8.1, EPSS 0.00437
Exploits: 1, References: 7