SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-987341)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

Code-Projects Simple Leave Manager SQL注入漏洞

Code-Projects Simple Leave Manager is an open source leave management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Simple Leave Manager version 1.0, which stems from incorrect manipulation of the parameter staffid in the file /request.php, which could lead to a...

itsourcecode Student Management System SQL注入漏洞

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /newcurriculm.php. An attacker can exploit this vulnerabili...

Code-Projects Simple Shopping Cart 安全漏洞

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminusername in the file /adminlogin.php. An attacker can exploit this...

PT-2025-49555

Name of the Vulnerable Software and Affected Versions code-projects Simple Shopping Cart version 1.0 Description A flaw exists in code-projects Simple Shopping Cart version 1.0 that allows for remote SQL injection. The issue is located in the file '/adminlogin.php', specifically through...

Galaxy Software Services Vitals ESP SQL注入漏洞

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that originates from a SQL command injection that could result in reading the contents of the...

Advantech iView SQL Injection Vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...

PT-2025-49539

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security issue exists in itsourcecode Student Management System 1.0. The issue affects code within the /edit user.php file. Manipulation of the fname argument can lead to a SQL...

jshop_mall SQL注入漏洞

jshopmall Jshop small program mall is China Jihai technology hnjihai open source an e-commerce system. SQL injection vulnerability exists in jshopmall version 2.9.0, the vulnerability stems from the incorrect operation of the parameter catid in the file /index.php/api.html, which may lead to SQL...

EUVD-2025-201599

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

Towards Small Language Models for Security Query Generation in SOC Workflows

Analysts in Security Operations Centers routinely query massive telemetry streams using Kusto Query Language KQL. Writing correct KQL requires specialized expertise, and this dependency creates a bottleneck as security teams scale. This paper investigates whether Small Language Models SLMs can...

PT-2025-49396

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

Yonyou U8 Cloud SQL注入漏洞

Yonyou U8 Cloud is a cloud-based enterprise management system from China's UFIDA Yonyou Corporation. A SQL injection vulnerability exists in Yonyou U8 Cloud version 5.0, 5.0sp, 5.1, and 5.1sp, which originates from incorrect manipulation of the parameter usercode in the file...

WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by mcdruid in WordPress Plugin All In One SEO Pack versions = 4.9.1...

EUVD-2025-201425

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-12850

CVE-2025-12850 concerns the WordPress plugin “My auctions allegro”. It affects all versions up to and including 3.6.32 and enables a malicious actor to exploit an unauthenticated SQL Injection via the auction_id parameter. The root cause is insufficient escaping of user input and lack of proper q...

PT-2025-49255

Name of the Vulnerable Software and Affected Versions TrippWasTaken PHP-Guitar-Shop versions prior to 6ce0868889617c1975982aae6df8e49555d0d555 Description A weakness exists in TrippWasTaken PHP-Guitar-Shop. The issue is related to SQL injection within the Product Details Page component,...

MGASA-2025-0320 Updated python-django packages fix security vulnerabilities

Potential SQL injection in FilteredRelation column aliases on PostgreSQL. CVE-2025-13372 Potential denial-of-service vulnerability in XML serializer text extraction. CVE-2025-64460...

Enjin: Unauthenticated GraphQL access by prepending __schema to private operations

A security vulnerability was identified in the GraphQL schema of the Enjin Platform. The vulnerability allowed unauthorized access to the GraphQL schema by prepending "schema" to private operations. The vulnerability was discovered and reported by a security researcher. The specific location of t...

CVE-2025-13495

The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...