2828 matches found
Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0
Summary: A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. Impact: An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthoriz...
Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0
Summary: A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. Impact: An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing...
CVE-2025-11313
Tipray Data Leakage Prevention System 1.0 has a SQL injection in findRolePage.do (findRolePage) caused by improper handling of the sort parameter. The flaw can be exploited remotely; exploit published. Vendor contact noted with no response. No remediation details are provided in the supplied docu...
CVE-2025-11312 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findModulePage.do findModulePage sql injection
A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort results in sql injection. The attack can be launched remotely. The exploit is now public...
Tipray Data Leakage Prevention System SQL injection vulnerability
Tipray Data Leakage Prevention System is a data leakage prevention product from the Chinese company Tipray. Version 1.0 has a SQL injection vulnerability that stems from improper handling of the sort parameter in the file findRolePage.do, which may...
Tipray Data Leakage Prevention System security vulnerability
Tipray Data Leakage Prevention System is a data leakage prevention product from the Chinese company Tipray. A security vulnerability exists in version 1.0 that originates from improper handling of the tenantId parameter in the file findCategoryPage.do, and may...
PT-2025-40891
Name of the Vulnerable Software and Affected Versions: Campcodes Online Apartment Visitor Management System version 1.0. Description: A security flaw exists in Campcodes Online Apartment Visitor Management System 1.0. The issue involves SQL injection, stemming from the manipulation of the editid...
EUVD-2025-32450
A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...
CVE-2025-11288 CRMEB GET Parameter product sql injection
A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing a manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...
CVE-2025-61605
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profilepet.php endpoint, specifically in the idpet parameter. This vulnerability allows attackers to execute arbitrary SQL...
EUVD-2025-24025
Malicious code in bioql PyPI...
EUVD-2025-30774
Malicious code in bioql PyPI...
EUVD-2025-30400
Malicious code in bioql PyPI...
EUVD-2025-30780
Malicious code in bioql PyPI...
EUVD-2025-26578
Malicious code in bioql PyPI...
EUVD-2023-54641
Malicious code in bioql PyPI...
EUVD-2025-25492
Malicious code in bioql PyPI...
EUVD-2025-27803
Malicious code in bioql PyPI...
EUVD-2025-6817
Malicious code in bioql PyPI...
EUVD-2025-29187
Malicious code in bioql PyPI...