
2828 matches found

GithubExploit
added 2025/11/06 6:46 a.m., 205 views

Exploit for OS Command Injection in Nestjs Devtools-Integration

PoC exploit for CVE-2025-54782, a vulnerability in an unspecifie...

CVSS 9.4 | AI score 8.1 | EPSS 0.4617
Exploits: 4

Positive Technologies
added 2025/11/06 12:0 a.m., 4 views

PT-2025-45370

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp search value’ parameter to the ‘NetworkServlet’ endpoint. Successfu...

CVSS 9.3 | AI score 9.2 | EPSS 0.00571
Exploits: 0 | References: 4

Cvelist
added 2025/11/05 4:36 a.m., 15 views

CVE-2025-12197 The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

CVSS 7.5 | EPSS 0.14932
Exploits: 1 | References: 2

Vulnrichment
added 2025/11/04 8:18 p.m., 3 views

CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...

CVSS 7.5 | AI score 7 | EPSS 0.05894
Exploits: 0 | References: 3

OSV
added 2025/11/04 8:18 p.m., 7 views

CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...

CVSS 7.5 | AI score 7.5 | EPSS 0.05894
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/04 3:9 a.m., 4 views

CVE-2025-12614

A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function deletepayment of the file /adminclass.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 9.8 | AI score 7.1 | EPSS 0.00329
Exploits: 1 | References: 1

Positive Technologies
added 2025/11/04 12:0 a.m., 4 views

PT-2025-45042

Name of the Vulnerable Software and Affected Versions GLPI Inventory Plugin versions 1.5.0 and below Description The GLPI Inventory Plugin, which manages network discovery, inventory, software deployment, and data collection for GLPI agents, contains a SQL Injection issue. The plugin is vulnerabl...

CVSS 7.5 | AI score 7.7 | EPSS 0.05894
Exploits: 0 | References: 5

Cvelist
added 2025/11/03 1:2 a.m., 10 views

CVE-2025-12609 CodeAstro Gym Management System update-progress.php sql injection

A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/iniweight results in sql injection. The attack may be initiated remotely. The exploit has bee...

CVSS 5.8 | EPSS 0.00295
Exploits: 1 | References: 6

Positive Technologies
added 2025/11/03 12:0 a.m., 4 views

PT-2025-44750

Name of the Vulnerable Software and Affected Versions itsourcecode Billing System version 1.0 Description A flaw exists in itsourcecode Billing System 1.0. The issue affects an unknown function within the /admin/app/login crud.php file. Manipulation of the Password argument can lead to a SQL...

CVSS 9.8 | AI score 6.7 | EPSS 0.0038
Exploits: 1 | References: 11

GithubExploit
added 2025/10/30 8:7 a.m., 124 views

cafeorder_vuln_SQL

cafeorder_vuln_SQL Proof-of-Concept and Advisory for Simple Ca...

AI score 8.2
Exploits: 0

CNNVD
added 2025/10/30 12:0 a.m., 4 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from user-supplied search...

CVSS 8.8 | AI score 7.6 | EPSS 0.00924
Exploits: 0 | References: 2

CNNVD
added 2025/10/30 12:0 a.m., 4 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.5 that stems from the SNMP Trap Interfa...

CVSS 8.7 | AI score 7.6 | EPSS 0.01641
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/28 12:0 a.m., 5 views

PT-2025-44087

Name of the Vulnerable Software and Affected Versions HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to and including 1.3.7.1 Description The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is susceptible to blind SQL Injection...

CVSS 7.5 | AI score 6.8 | EPSS 0.0029
Exploits: 0 | References: 8

Positive Technologies
added 2025/10/28 12:0 a.m., 6 views

PT-2025-44074

Name of the Vulnerable Software and Affected Versions Campcodes Retro Basketball Shoes Online Store version 1.0 Description A security issue has been identified in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue involves the processing of the file /admin/admin football.php...

CVSS 9.8 | AI score 7.2 | EPSS 0.00346
Exploits: 1 | References: 10

EUVD
added 2025/10/27 8:2 p.m., 3 views

EUVD-2025-36344

A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 5.8 | AI score 4.8 | EPSS 0.003
Exploits: 1 | References: 7

EUVD
added 2025/10/27 7:2 p.m., 4 views

EUVD-2025-36347

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly...

CVSS 7.5 | AI score 7.1 | EPSS 0.00394
Exploits: 1 | References: 7

CVE
added 2025/10/27 9:32 a.m., 12 views

CVE-2025-12257

CVE-2025-12257 affects SourceCodester Online Student Result System 1.0. The vulnerability is a SQL injection in the view_result.php handler, triggered by improper handling of the ID parameter, allowing remote exploitation. Multiple sources confirm the issue and that the exploit has been publicly ...

CVSS 9.8 | AI score 7.1 | EPSS 0.00447
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/10/27 7:2 a.m., 5 views

CVE-2025-12242 CodeAstro Gym Management System check-attendance.php sql injection

A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 6.5 | AI score 6.4 | EPSS 0.00273
Exploits: 1 | References: 5

CNNVD
added 2025/10/27 12:0 a.m., 5 views

Code-Projects Automated Voting System SQL injection vulnerability

Code-Projects Automated Voting System is a Code-Projects open source automated voting system. Code-Projects Automated Voting System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter Username in the file /admin/user.php, which could lead...

CVSS 8.8 | AI score 6.9 | EPSS 0.00276
Exploits: 1 | References: 5

Github Security Blog
added 2025/10/26 6:30 a.m., 7 views

LangGraph's SQLite store implementation has a SQL Injection Vulnerability

A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVSS 7.3 | AI score 7.9 | EPSS 0.00148
Exploits: 0 | References: 6 | Affected Software: 1