Lucene search

2784 matches found

RedhatCVE | added 2025/10/21 9:25 a.m. | 10 views

CVE-2025-41028

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’...

CVSS 9.3 | AI score 7.9 | EPSS 0.00429 | Exploits 0 | References 1
CNNVD | added 2025/10/21 12:0 a.m. | 4 views

DaiCuo CMS security vulnerability

DaiCuo CMS is a PHP news article management system by DaiCuo individual developer. A security vulnerability exists in DaiCuo CMS version V1.3.13, which originates from a SQL injection vulnerability in file library hinkdbBuilder.php...

CVSS 6.5 | AI score 8 | EPSS 0.00222 | Exploits 1 | References 2
CNVD | added 2025/10/21 12:0 a.m. | 3 views

WordPress TARIFFUXX plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...

CVSS 6.5 | AI score 8.3 | EPSS 0.0028 | Exploits 0 | References 1
EUVD | added 2025/10/20 9:0 a.m. | 4 views

EUVD-2025-35043

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’...

CVSS 9.3 | AI score 7.4 | EPSS 0.00429 | Exploits 0 | References 2
CNNVD | added 2025/10/20 12:0 a.m. | 5 views

Restaurant-Management-System-DBMS-project security vulnerability

Restaurant-Management-System-DBMS-project is a restaurant management system by Rajvi Patel, an individual developer. A security vulnerability exists in Restaurant-Management-System-DBMS-project version 1.0, which stems from improper handling of SQL query strings in login.php, which can lead to SQ...

CVSS 6.5 | AI score 7.7 | EPSS 0.00244 | Exploits 1 | References 2
CNNVD | added 2025/10/20 12:0 a.m. | 3 views

Microchip TimeProvider 4100 security vulnerability

Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in Microchip TimeProvider 4100 versions prior to 2.5, which stems from improper neutralization of special elements and could lead to an SQL injection attack...

CVSS 8.8 | AI score 7.7 | EPSS 0.00345 | Exploits 0 | References 2
EUVD | added 2025/10/17 9:31 p.m. | 5 views

EUVD-2025-34912

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

AI score 8 | EPSS 0.0058 | Exploits 1 | References 3
NVD | added 2025/10/17 7:15 p.m. | 4 views

CVE-2025-11909

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

CVSS 8.8 | EPSS 0.0045 | Exploits 1 | References 4
OSV | added 2025/10/17 5:11 p.m. | 5 views

CVE-2025-62422 DataEase SQL injection vulnerability

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...

CVSS 8.7 | AI score 8 | EPSS 0.00463 | Exploits 1 | References 4
CNVD | added 2025/10/17 12:0 a.m. | 3 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24266)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVSS 6.5 | AI score 8.4 | EPSS 0.01583 | Exploits 0 | References 1
CNVD | added 2025/10/17 12:0 a.m. | 3 views

Ivanti Endpoint Manager SQL Injection Vulnerability

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVSS 6.5 | AI score 8.4 | EPSS 0.00751 | Exploits 0 | References 1
Vulnrichment | added 2025/10/17 12:0 a.m. | 3 views

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

AI score 8.1 | EPSS 0.0058 | Exploits 1 | References 2
RedhatCVE | added 2025/10/16 7:56 a.m. | 3 views

CVE-2025-11501

The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'taxquery' parameter in all versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 7.5 | AI score 6.8 | EPSS 0.00391 | Exploits 0 | References 1
CNNVD | added 2025/10/16 12:0 a.m. | 6 views

Base Digitale Centrax Open PSIM security vulnerability

Base Digitale Centrax Open PSIM is a platform for physical security management from Base Digitale, Italy. A security vulnerability exists in Base Digitale Centrax Open PSIM version 6.1, which stems from mishandling of the datafine parameter and could lead to an SQL injection attack...

CVSS 5.4 | AI score 7.4 | EPSS 0.00234 | Exploits 0 | References 2
RedhatCVE | added 2025/10/15 5:44 p.m. | 2 views

CVE-2025-59213

Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally...

CVSS 8.4 | AI score 7 | EPSS 0.00336 | Exploits 0 | References 1
Cvelist | added 2025/10/15 8:25 a.m. | 8 views

CVE-2025-11177 External Login <= 1.11.2 - Unauthenticated SQL Injection via log

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | EPSS 0.00377 | Exploits 0 | References 2
CVE | added 2025/10/15 8:25 a.m. | 21 views

CVE-2025-10660

CVE-2025-10660 details (CWE: SQL Injection). The WP Dashboard Chat plugin for WordPress is vulnerable via the id parameter in all versions up to 1.0.3 due to insufficient escaping of user input and inadequate preparation of the existing SQL query. This enables authentication-conscious actors with...

CVSS 6.5 | AI score 6.2 | EPSS 0.00271 | Exploits 0 | References 3
CNVD | added 2025/10/15 12:0 a.m. | 4 views

ERPNext import_coa function SQL injection vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the importcoa function's company parameter against externally entered SQL statements. An attacker can exploit this...

CVSS 6.5 | AI score 8.3 | EPSS 0.00238 | Exploits 1 | References 1
NVD | added 2025/10/14 5:15 p.m. | 4 views

CVE-2025-55320

Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network...

CVSS 6.8 | EPSS 0.00622 | Exploits 0 | References 1
Microsoft CVE | added 2025/10/14 2:0 p.m. | 4 views

Configuration Manager Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network...

CVSS 6.8 | AI score 6.9 | EPSS 0.00622 | Exploits 0