CVE-2025-15492 RainyGao DocSys GroupMemberMapper.xml sql injection

A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the attack remotely. Th...

Server-Side Request Forgery (SSRF)

Craft CMS is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the file.url parameter in the GraphQL save Asset mutation, which allows an attacker with asset management permissions to force the server to fetch internal or restricted resources and...

CVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the updatebannermessage function...

CVE-2025-14598

CVE-2025-14598 affects BeeS Software Solutions BET Portal. The issue is an SQL injection in the login functionality that allows arbitrary SQL execution on the backend database. Impact described across sources includes unauthorized database access and potential data theft/lateral movement. Remedia...

CVE-2021-41081

Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search...

CVE-2021-41731

Cross Site Scripting XSS vulnerability exists in Sourcecodester News247 News Magazine CMS PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field...

CVE-2021-41649

An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php catid parameter. Using a post request does not sanitize the user input...

CVE-2021-31827

In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...

CVE-2025-61246

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/reviewaction.php via the proId parameter...

CVE-2022-38282

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list...

CVE-2017-18288

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...

CVE-2025-11246 Insufficient Granularity of Access Control in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner...

CVE-2025-13781 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

CVE-2023-4873

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is...

CVE-2023-4185

A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack...

CVE-2023-4201

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file excatagorydata.php. The manipulation of the argument columns1data leads to sql injection. The attack may be initiated remotely. The exploi...

CVE-2023-4548

A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filterbrandid leads to sql injection. It is possible to initiate the attack remotely...

CVE-2024-41983

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool...

CVE-2023-4899

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...

CVE-2025-32303

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0...