2786 matches found
EUVD-2025-31435
Malicious code in bioql PyPI...
EUVD-2025-28832
Malicious code in bioql PyPI...
EUVD-2025-29144
Malicious code in bioql PyPI...
EUVD-2025-27433
Malicious code in bioql PyPI...
EUVD-2025-28395
Malicious code in bioql PyPI...
EUVD-2025-28014
Malicious code in bioql PyPI...
EUVD-2025-25018
Malicious code in bioql PyPI...
EUVD-2025-25331
Malicious code in bioql PyPI...
CVE-2025-9198 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection
The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin <= 0.8.8.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Jarno Vos (jarnovos) in WordPress Plugin Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App (versions <= 0.8.8.8)...
CVE-2025-61605
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profilepet.php endpoint, specifically in the idpet parameter. This vulnerability allows attackers to execute arbitrary SQL...
CVE-2025-11020 Remote Code Execution in MarkAny SafePC Enterprise
An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux. This issue affects SafePC Enterprise: V7.0. V7.0.YYYY.MM.DD...
Yoshop Security Vulnerability
Yoshop is an open source e-commerce system by yiovo (China). A security vulnerability exists in Yoshop version 2.0, which stems from the unvalidated goodsIds parameter and may lead to SQL injection attack...
PT-2025-39990
Name of the Vulnerable Software and Affected Versions: Frappe ErpNext version 15.57.5. Description: The get income account function at erpnext/controllers/queries.py is susceptible to SQL Injection. An attacker can inject a SQL query into the filters.disabled parameter, potentially allowing extracti...
NVIDIA Delegated Licensing Service Security Vulnerability
NVIDIA Delegated Licensing Service is a licensing service from NVIDIA Corporation. A security vulnerability exists in NVIDIA Delegated Licensing Service, which stems from vulnerability to SQL injection attacks that could lead to a partial denial of service...
CVE-2025-8868
Chef Automate is affected by CVE-2025-8868 for versions earlier than 4.13.295 on Linux x86. An authenticated attacker can access restricted functionality in the compliance service through SQL injection caused by improperly neutralized inputs using a well-known token. The NVD/NIST entry indicates ...
CVE-2025-11104
A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2025-11102
A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to SQL injection. The attack can be launched remotely. The exploit has been made available t...
CVE-2025-11102 Campcodes Online Learning Management System edit_content.php SQL injection
A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to SQL injection. The attack can be launched remotely. The exploit has been made available t...
CourseSelectionSystem SQL Injection Vulnerability
CourseSelectionSystem is a simple online course selection system by the individual developer kidaze. CourseSelectionSystem suffers from a SQL injection vulnerability, which stems from incorrect handling of the parameter cbranch in the file /Profilers/PriProfile/COUNT3s4.php, which could...