EUVD-2023-43067
Malicious code in bioql PyPI...
EUVD-2023-34934
Malicious code in bioql PyPI...
EUVD-2023-34939
Malicious code in bioql PyPI...
Simple Grading System add_student_grade.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Add in the file /add_student_grade.php. An attacker can exploit this vulnerability to...
Linux Distros Unpatched Vulnerability : CVE-2019-10208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitra...
Simple Cafe Ordering System portal.php File SQL Injection Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /portal.php. An attacker can exploit this...
CVE-2025-51506
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...
CVE-2025-54474 Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...
CVE-2025-54788
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...
DEBIAN-CVE-2025-54119
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...
CVE-2025-8279
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...
CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...
PT-2025-31109 · Gitlab · Gitlab Language Server
Name of the Vulnerable Software and Affected Versions: GitLab Language Server versions 7.6.0 through 7.29.0 Description: Insufficient input validation within GitLab Language Server allows arbitrary GraphQL query execution. Recommendations: Update to GitLab Language Server version 7.30.0 or later...
GHSA-P9QM-P942-Q3W5 XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API
Impact: It's possible to execute any SQL query in Oracle by using functions like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki#searchDocuments APIs are not sanitizing the query at all, and even if they force a specific select, Hibernate allows using any native function in an HQL query, for example in the...
Chat System update_account.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from an error in the parameter musername in the file /user/update_account.php, which lacks validation of an externally entered SQL statement. An attacker can use this vulnerability to execute illegal SQL...
Code-Projects Inventory Management System Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter brandId in the file /phpaction/fetchSelectedBrand.php. An attacke...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
CVE-2022-29498
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run...
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...