PT-2025-35166
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in the /setting/employee_salary_setup.php file. The ddlEmpName argument is susceptible to manipulation, potentially allowing for remote exploitatio...
postgresql: PostgreSQL executes arbitrary code in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pg_dump, pg_dumpall, pg_restore, and pg_upgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are...
PT-2025-34831
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A vulnerability exists in itsourcecode Apartment Management System version 1.0. The issue is a SQL injection affecting an unknown function within the /report/rented_info.php...
TencentOS Server 4: postgresql (TSSA-2025:0698)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0698 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2025-34705 · Itsourcecode · Apartment Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue exists in itsourcecode Apartment Management System 1.0. The vulnerability is located in the file /owner/addowner.php within an unknown function. Manipulation o...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase versions before 2.10.12 have a security vulnerability; the vulnerabilit...
Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8hxp-qmph-w5gq. This link is maintained to preserve external references. Original Description: A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes...
CVE-2025-9162 Org.keycloak/keycloak-model-storage-service: variable injection into environment variables
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...
PT-2025-34139 · Portabilis · Portabilis I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions prior to 2.10 Description: A vulnerability exists in Portabilis i-Diario up to version 2.10. The issue affects an unknown function within the /intranet/educar_tipo_usuario_lst.php file of the Tipos de usuário Page...
CVE-2025-50926
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function...
CVE-2025-8989
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-8932
A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-9052
Summary: CVE-2025-9052 affects projectworlds Travel Management System 1.0. A vulnerability exists in the /updatepackage.php file where manipulating the s1 parameter enables SQL injection. The issue is exploitable remotely, and public exploitation information is available. Multiple connected sourc...
CVE-2025-8993
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expensereport.php. The manipulation of the argument fromdate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2025-8983
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expensefor leads to sql injection. The attack may be initiated remotely. The exploit...
PT-2025-33169 · WordPress · Valvepress Pinterest Automatic Pin
Name of the Vulnerable Software and Affected Versions: ValvePress Pinterest Automatic Pin affected versions not specified Description: An improper neutralization of special elements used in an SQL command vulnerability exists in ValvePress Pinterest Automatic Pin. This allows for SQL injection...
PT-2025-33135 · Phpgurukul · Phpgurukul Teachers Record Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Teachers Record Management System version 2.1 Description: A SQL injection issue exists due to the manipulation of the searchdata argument in an unknown function of the /admin/search.php file. The attack can be launched remotely. T...
CVE-2025-47954
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
Linux-Based Lenovo Webcams' Flaw Can Be Remotely Exploited for BadUSB Attacks
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. "This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul...
CVE-2025-50465
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...