8209 matches found
CVE-2025-12562
GitLab CVE-2025-12562 affects GitLab CE/EE: unpatched versions include all 11.10→18.4.5, 18.5.x prior to 18.5.4, and 18.6.x prior to 18.6.2. Root cause: crafted GraphQL queries that bypass query complexity limits could allow an unauthenticated user to cause a Denial of Service. Remediation: GitLa...
PT-2025-50576
GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...
PT-2025-50720
IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
CampCodes Retro Basketball Shoes Online Store 安全漏洞
CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from an incorrect manipulation of the parameter pid in the file...
EUVD-2025-202333
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
EUVD-2025-202170
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-64156
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...
CVE-2025-12504
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Talent Software UNIS allows SQL Injection.This issue affects UNIS: before 42321...
Online Ordering System user_contact.php File SQL Injection Vulnerability
Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /usercontact.php. The vulnerability can be exploited by a...
Currency Exchange System /edittrns.php File SQL Injection Vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...
Student Management System /edit_user.php File SQL Injection Vulnerability
Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edituser.php. The vulnerability can be exploited to...
PT-2025-50556
Name of the Vulnerable Software and Affected Versions Neuron versions prior to 2.8.12 Description The PHP framework Neuron has an issue where the MySQLWriteTool can execute arbitrary SQL queries provided by a caller, utilizing PDO::prepare and execute without restrictions. This occurs because the...
EUVD-2025-202035
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Image&Video FullScreen Background lbgfullscreenfullwidthslider allows SQL Injection.This issue affects Image&Video FullScreen Background: from n/a through = 1.6.7...
EUVD-2025-202048
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TalentSoft Software UNIS allows SQL Injection.This issue affects UNIS: before 42321...
CVE-2025-64156
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...
CVE-2025-14250
A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /usercontact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...
CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...
CVE-2025-12504 SQLi in Talent Software's UNIS
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Talent Software UNIS allows SQL Injection. This issue affects UNIS: before 42321...
CVE-2025-67520 WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection.This issue affects Media Library Tools: from n/a through = 1.6.15...