38 matches found
CVE-2025-14808
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
CVE-2025-14811
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the advancedQueryData parameter comparator field on an authenticated endpoint. The endpoint...
PT-2026-22388
Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 26.0.8; Group-Office versions prior to 25.0.87; Group-Office versions prior to 6.8.153. Description: The software has a SQL Injection issue that can be exploited through the advancedQueryData parameter, specifically...
CVE-2025-59920 SQL injection in time@work from systems@work
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CakePHP 5.2.12 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 5.2.12. This is a security fix release for the 5.2 branch that fixes a security issue with PaginatorHelper. This release is recommended for all applications using PaginatorHelper::limitControl...
EUVD-2025-24675
Malicious code in bioql PyPI...
CVE-2025-8947
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /querydata.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public...
CVE-2025-8947 projectworlds Visitor Management System query_data.php sql injection
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /querydata.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public...
PT-2025-33130 · Projectworlds · Visitor Management System
Name of the Vulnerable Software and Affected Versions: projectworlds Visitor Management System version 1.0. Description: A vulnerability exists in projectworlds Visitor Management System 1.0, affecting the processing of the /query data.php file. Manipulation of the dateF/dateP argument results in ...
Projectworlds Visitor Management System injection vulnerability
Visitor Management System is a visitor access management system. Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter dateF/dateP in the file /querydata.php. An attacker can exploit...
Apache Superset information disclosure vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...
MAL-2025-2165 Malicious code in async-query-data (npm)
Source: ghsa-malware 3c182fcd486203b0e1bcf7d1677e5b65105252c5d88f343b159e8dec92e0c772 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in async-query-data (npm)
Source: ghsa-malware 3c182fcd486203b0e1bcf7d1677e5b65105252c5d88f343b159e8dec92e0c772 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sysaid-query-data (npm)
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: OpenTelemetry.Instrumentation.AspNetCore is an ASP.NET Core instrumentation for OpenTelemetry .NET. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the logging of sensitive query parameters by default. This...
PT-2024-12627 · Hcl · Hcl Bigfix Bare Osd Metal Server Webui
Name of the Vulnerable Software and Affected Versions: HCL BigFix Bare OSD Metal Server WebUI versions 311.19 or lower Description: The issue concerns the inclusion of sensitive information in a query string, potentially allowing an attacker to execute a malicious attack. Recommendations: For HCL...