CVE-2022-3607

Failure to Sanitize Special Elements into a Different Plane Special Element Injection in GitHub repository octoprint/octoprint prior to 1.8.3...

CVE-2022-23695

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...

CVE-2021-24341

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...

CVE-2021-37033

There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability...

CVE-2021-24821

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using th...

CVE-2021-20085

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype...

CVE-2020-29303

A cross-site scripting XSS vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories=%2F with drtsformbuildid parameter containing the XSS payload and t parameter...

CVE-2020-26518

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandoraconsole/include/chartgenerator.php sessionid parameter...

CVE-2019-15894

An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code fr...

CVE-2019-1010113

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

CVE-2010-4359

SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter...

CVE-2013-0285

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

CVE-2025-4861

A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched...

CVE-2025-48056 Hubble CLI vulnerable to character injection

Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output...

WordPress Goodlayers Hotel plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Goodlayers Hotel versions = 3.1.4...

Projectworlds Online Lawyer Management System SQL注入漏洞

Projectworlds Online Lawyer Management System is an online lawyer management system from Projectworlds India. A security vulnerability exists in Projectworlds Online Lawyer Management System version 1.0, which originates from an SQL injection due to the manipulation of the parameter email in the...

WordPress Radio Player Shoutcast & Icecast theme <= 4.4.6 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Radio Player Shoutcast & Icecast WordPress Plugin versions = 4.4.6...

WordPress plugin FunnelKit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PHPGurukul Apartment Visitors Management System 注入漏洞

Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter Category in file...

Pre-School Enrollment System /admin/edit-subadmin.php File SQL Injection Vulnerability

Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter mobilenumber in file /admin/edit-subadmin.php. An...