1148 matches found
CVE-2025-50467
OpenMetadata <= 1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...
Hospital Management System Security Vulnerability
Hospital Management System is a hospital management system by Kishan Lal, an individual developer. A security vulnerability exists in Hospital Management System version 4, which originates from SQL injection due to incorrect manipulation of parameter password2 in file...
Files SQL Injection Vulnerability
Files is a single-file PHP application from the individual developer Karl Ward. It can be dragged and dropped into any directory, allowing browsing of the files and directories within. A SQL injection vulnerability exists in Files 0.16.9 and prior versions, which stems from a failure to block...
WordPress April Framework plugin <= 5.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin April Framework versions <= 5.1...
WordPress Auteur Framework plugin <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Auteur Framework versions <= 7.1...
CVE-2025-54586
GitProxy: SQL Injection
Affected versions of this package are vulnerable to SQL Injection via the getLast API when processing user-supplied table names. An attacker can execute arbitrary SQL statements on the underlying database by sending crafted API requests, potentially resulting in data theft, corruption,...
UBUNTU-CVE-2025-7962
In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...
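As an added illustration of the mechanism that entry describes (a constructed example, not Jakarta Mail code and not taken from the advisory), the C program below builds a header block from an attacker-controlled subject. A CR/LF pair inside the value ends the current header line, so the remainder is parsed as a new header, and a CRLF "." CRLF sequence ends the SMTP DATA stream, splitting one submission into separate messages. The builder, the demo functions and the sample addresses are hypothetical; the fix shown is the usual one of refusing any CR or LF byte in a header value.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if s contains a bare CR or LF byte. In an RFC 5322 message CRLF
 * ends a header line, an empty line ends the header block, and in SMTP DATA
 * the sequence CRLF "." CRLF ends the whole message. */
int contains_crlf(const char *s)
{
    return strpbrk(s, "\r\n") != NULL;
}

/* Renders a minimal header block into out. In strict mode a CR/LF in any
 * value is refused (returns -1). In lax mode the value is copied verbatim
 * (returns 0): this is the vulnerable behaviour. */
int build_headers(char *out, size_t cap, const char *to,
                  const char *subject, int strict)
{
    if (strict && (contains_crlf(to) || contains_crlf(subject))) {
        return -1;
    }
    int n = snprintf(out, cap, "To: %s\r\nSubject: %s\r\n", to, subject);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Number of header lines a receiver would parse: one per LF. */
int count_header_lines(const char *hdrs)
{
    int lines = 0;
    for (const char *p = hdrs; *p; p++) {
        if (*p == '\n') lines++;
    }
    return lines;
}

/* Number of SMTP end-of-data markers (CRLF "." CRLF) inside the text. One
 * smuggled in through a header value splits the DATA stream, so what follows
 * is read as a second message or as further SMTP commands. */
int count_data_terminators(const char *s)
{
    int count = 0;
    const char *p = s;
    while ((p = strstr(p, "\r\n.\r\n")) != NULL) {
        count++;
        p += 5;
    }
    return count;
}

/* Lax build with a constructed subject carrying an injected Bcc header.
 * Returns the header line count the receiver sees (3), or -1 on failure. */
int demo_lax_header_count(void)
{
    char buf[256];
    const char *evil = "Invoice\r\nBcc: attacker@example.test";
    if (build_headers(buf, sizeof buf, "alice@example.test", evil, 0) != 0) return -1;
    return count_header_lines(buf);
}

/* Strict build with the same subject: returns the builder status (-1). */
int demo_strict_status(void)
{
    char buf[256];
    const char *evil = "Invoice\r\nBcc: attacker@example.test";
    return build_headers(buf, sizeof buf, "alice@example.test", evil, 1);
}

/* Lax build where the subject smuggles an end-of-data marker followed by a
 * new SMTP envelope command: returns the number of terminators inside the
 * rendered text (1), or -1 on failure. */
int demo_lax_message_split(void)
{
    char buf[256];
    const char *evil = "Hi\r\n.\r\nMAIL FROM:<attacker@example.test>";
    if (build_headers(buf, sizeof buf, "alice@example.test", evil, 0) != 0) return -1;
    return count_data_terminators(buf);
}

int main(void)
{
    printf("lax builder: %d header lines from 2 fields (Bcc injected)\n",
           demo_lax_header_count());
    printf("lax builder: %d end-of-data marker(s) smuggled into DATA\n",
           demo_lax_message_split());
    printf("strict builder: %s\n",
           demo_strict_status() == 0 ? "accepted" : "rejected CR/LF in value");
    return 0;
}
```

A header-level check like contains_crlf is only the first layer; the receiving MTA may also treat a bare LF as a line terminator, which is why the check refuses both bytes rather than only the CRLF pair.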
CVE-2025-7861 code-projects Church Donation System search.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2025-20272
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied...
Lenovo Vantage Security Vulnerability
Lenovo Vantage is a computer management application from the Chinese company Lenovo. The program supports features such as driver updates, device status diagnostics, and computer configuration. A security vulnerability exists in Lenovo Vantage that stems from the presence of a SQL injectio...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter cargo in the /controle/control.php endpoint. An attacker can exploit this vulnerability to execute illeg...
WordPress Visual Art | Gallery WordPress Theme Theme <= 2.4 is vulnerable to PHP Object Injection
Software: Visual Art | Gallery WordPress Theme
Type: Theme
Vulnerable versions: <= 2.4
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: PHP Object Injection
CVE: CVE-2025-31422
Patch priority: High
CVSS severity: High 8.8
PSID: f75a5b9fac9b
Credits: Tran Nguyen Bao Khanh VC...
CVE-2025-7169
A vulnerability classified as critical has been found in code-projects Crime Reporting System 1.0. Affected is an unknown function of the file /complainerpage.php. The manipulation of the argument location leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
Code-Projects Chat System Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /user/addmember.php. An attacker can exploit this vulnerability to execute illegal SQL commands to...
CVE-2025-7131
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveemployeeattendance. The manipulation of the argument employeeid leads to sql injection. The attack ca...
WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Pay with Contact Form 7 versions <= 1.0.4...
Library System student-issue-book.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter reg in the file /student-issue-book.php. An attacker can exploit this vulnerability to execute illeg...
Simple Pizza Ordering System large.php file SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter ID of file /large.php. An attacker can exploit this vulnerability to...
CVE-2025-49600
In Mbed TLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker who can induce ...
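As an added illustration of the bug class that entry describes (a constructed example, not Mbed TLS code; the toy FNV-1a "hash", the fault switch and every function name are hypothetical stand-ins for the LMS hash chain), the C program below shows a verifier that drops the return code of its hash step. When the hash fails without writing its output, the zero-initialised digest buffer is compared against the signature, so an attacker who can induce that fault gets an all-zero "signature" accepted for any message. The checked variant propagates the error and fails closed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 8

/* Hypothetical fault switch: 1 simulates the hash engine failing and
 * returning an error without writing its output buffer. */
static int g_inject_hash_fault = 0;

/* Toy 64-bit FNV-1a digest standing in for the LMS hash chain.
 * Returns 0 on success, -1 on (simulated) failure. */
static int toy_hash(const uint8_t *msg, size_t len, uint8_t out[DIGEST_LEN])
{
    if (g_inject_hash_fault) {
        return -1;                      /* out is deliberately left untouched */
    }
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= msg[i];
        h *= 0x100000001b3ULL;
    }
    for (int i = 0; i < DIGEST_LEN; i++) {
        out[i] = (uint8_t)(h >> (8 * i));
    }
    return 0;
}

/* Toy "signature": just the digest of the message (no key). Enough to show
 * the control-flow bug without a real signature scheme. */
int toy_sign(const uint8_t *msg, size_t len, uint8_t sig[DIGEST_LEN])
{
    return toy_hash(msg, len, sig);
}

/* Vulnerable pattern: the hash return code is ignored. Under fault the
 * zero-initialised digest is compared with the signature, so an all-zero
 * signature verifies for ANY message. Returns 1 = accept, 0 = reject. */
int verify_unchecked(const uint8_t *msg, size_t len, const uint8_t sig[DIGEST_LEN])
{
    uint8_t digest[DIGEST_LEN] = {0};
    (void)toy_hash(msg, len, digest);   /* BUG: error not propagated */
    return memcmp(digest, sig, DIGEST_LEN) == 0;
}

/* Fixed pattern: any internal error is a hard reject (fail closed). */
int verify_checked(const uint8_t *msg, size_t len, const uint8_t sig[DIGEST_LEN])
{
    uint8_t digest[DIGEST_LEN] = {0};
    if (toy_hash(msg, len, digest) != 0) {
        return 0;
    }
    return memcmp(digest, sig, DIGEST_LEN) == 0;
}

/* Fault scenario on a constructed message. Returns 1 when both verifiers
 * reject the forged all-zero signature without a fault, and under fault the
 * unchecked verifier accepts it while the checked one still rejects it. */
int demo_fault_forgery(void)
{
    const uint8_t msg[] = "transfer 1000 to attacker";
    const size_t len = sizeof msg - 1;
    const uint8_t forged[DIGEST_LEN] = {0};          /* attacker's guess */

    g_inject_hash_fault = 0;
    int nofault_unchecked = verify_unchecked(msg, len, forged);
    int nofault_checked = verify_checked(msg, len, forged);

    g_inject_hash_fault = 1;
    int fault_unchecked = verify_unchecked(msg, len, forged);
    int fault_checked = verify_checked(msg, len, forged);
    g_inject_hash_fault = 0;

    return nofault_unchecked == 0 && nofault_checked == 0 &&
           fault_unchecked == 1 && fault_checked == 0;
}

/* Sanity path: a genuine toy signature verifies under both functions and a
 * tampered one is rejected by the checked verifier. Returns 1 when all hold. */
int demo_legit_signature(void)
{
    const uint8_t msg[] = "hello";
    const size_t len = sizeof msg - 1;
    uint8_t sig[DIGEST_LEN];
    g_inject_hash_fault = 0;
    if (toy_sign(msg, len, sig) != 0) return 0;
    int ok = verify_checked(msg, len, sig) == 1 && verify_unchecked(msg, len, sig) == 1;
    sig[0] ^= 0x01;
    return ok && verify_checked(msg, len, sig) == 0;
}

int main(void)
{
    printf("forgery under induced hash fault reproduced: %s\n",
           demo_fault_forgery() ? "yes" : "no");
    printf("legitimate signature path sane: %s\n",
           demo_legit_signature() ? "yes" : "no");
    return 0;
}
```

The point of the example is the verifier's control flow, not the hash: in a fault-injection setting any code path that reaches a comparison with a buffer the failed step never wrote is a forgery oracle, which is why every error return in a signature check has to terminate verification with a reject.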