8238 matches found
CVE-2025-13047
CVE-2025-13047 affects the ViewLead Technology Bacteriology Laboratory Reporting System. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL and read database contents. Root cause and exact vulnerable component are described as an injection fl...
CVE-2025-13046
...
EUVD-2025-113115
Malicious code in graphql-chai-schema-elara npm...
EUVD-2025-113114
Malicious code in graphql-chakra-ui-luna-proxima npm...
EUVD-2025-111328
Malicious code in meissa-alphard-xanadu-graphql npm...
WellSky Harmony Security Vulnerability
WellSky Harmony is an all-in-one service management platform from WellSky USA. A security vulnerability exists in WellSky Harmony version 4.1.0.2.83. It stems from improper sanitization of the TXTUSERID parameter in the xmHarmony.asp endpoint, which could lead to an SQL injection attack...
PT-2025-46577
Name of the Vulnerable Software and Affected Versions: ViewLead Technology Bacteriology Laboratory Reporting System (affected versions not specified). Description: The Bacteriology Laboratory Reporting System allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially enablin...
CVE-2025-59499
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
EUVD-2025-84350
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration...
CVE-2025-8324 SQL Injection
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration...
CVE-2025-12927
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...
CVE-2025-42889
CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...
WordPress Plugin CoSchool LMS SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress plugin CoSchool LMS, which stems from the...
WordPress Easy Email Subscription plugin SQL Injection Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...
Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
EUVD-2025-44057
A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-12931 SourceCodester Food Ordering System edit-orders.php sql injection
A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-12865
U-Office Force by e-Excellence is affected by a SQL Injection vulnerability stemming from unvalidated input, enabling an authenticated remote attacker to read, modify, and delete database contents. CVSS metrics indicate high impact to confidentiality, integrity, and availability. No remediation o...
CVE-2025-12926 SourceCodester Farm Management System review.php sql injection
A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the...
Google Looker Security Vulnerability
Google Looker is an intelligent business platform from Google USA. A security vulnerability exists in Google Looker that stems from improper privilege management and could lead to the execution of arbitrary SQL...