8251 matches found

Vulnrichment
added 2025/11/06 7:49 p.m. | 2 views

CVE-2025-34247 Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.1 | AI score 7.2 | EPSS 0.00264
Exploits: 0 | References: 3
CVE
added 2025/11/06 7:49 p.m. | 9 views

CVE-2025-34247

Advantech WebAccess/VPN versions prior to 1.1.5 are affected by a SQL injection in NetworksController.addNetworkAction(). An authenticated, low-privileged observer user can inject SQL via datatable search parameters, potentially disclosing database information. Affected product scope and impact a...

CVSS 6.5 | AI score 7.2 | EPSS 0.00264
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2025/11/06 7:49 p.m. | 8 views

CVE-2025-34246

Advantech WebAccess/VPN

CVSS 6.5 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/11/06 7:48 p.m. | 4 views

CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3
NVD
added 2025/11/06 4:15 p.m. | 3 views

CVE-2025-52773

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11...

CVSS 9.3 | EPSS 0.003
Exploits: 0 | References: 1
CVE
added 2025/11/06 3:55 p.m. | 6 views

CVE-2025-60239

CVE-2025-60239 describes an SQL Injection in the WordPress CoSchool LMS plugin (versions

CVSS 8.5 | AI score 7.3 | EPSS 0.00276
Exploits: 0 | References: 1
EUVD
added 2025/11/06 3:53 p.m. | 3 views

EUVD-2025-38033

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection. This issue affects smart SEO: from n/a through <= 4.0...

AI score 7.1 | EPSS 0.00276
Exploits: 0 | References: 2
Cvelist
added 2025/11/06 3:53 p.m. | 6 views

CVE-2025-28953 WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection. This issue affects smart SEO: from n/a through <= 4.0...

CVSS 8.5 | EPSS 0.00276
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/06 12:0 a.m. | 5 views

PT-2025-45217

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11...

AI score 7.7 | EPSS 0.003
Exploits: 0 | References: 2
CNNVD
added 2025/11/06 12:0 a.m. | 4 views

Advantech iView Security Vulnerability

Advantech iView is a software developed by Advantech for managing B+B SmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...

CVSS 9.8 | AI score 8.7 | EPSS 0.00636
Exploits: 0 | References: 3
CNNVD
added 2025/11/06 12:0 a.m. | 3 views

Advantech WebAccess/VPN Security Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS 6.5 | AI score 8.1 | EPSS 0.0026
Exploits: 0 | References: 3
CNNVD
added 2025/11/06 12:0 a.m. | 6 views

Advantech iView Security Vulnerability

Advantech iView is a software developed by Advantech for managing B+B SmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the ztpsearchvalue...

CVSS 9.3 | AI score 8.7 | EPSS 0.00583
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/06 12:0 a.m. | 7 views

PT-2025-45526

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 8.6.0 through 8.9.0. Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.6.0 through 8.9.0 are susceptible to an authenticated, blind time-based...

CVSS 6.8 | AI score 6.7 | EPSS 0.00285
Exploits: 0 | References: 15
NVD
added 2025/11/05 5:15 a.m. | 14 views

CVE-2025-12197

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

CVSS 7.5 | EPSS 0.15247
Exploits: 1 | References: 2
CNNVD
added 2025/11/05 12:0 a.m. | 3 views

Ecuador Quipux Security Vulnerability

Ecuador Quipux is an electronic document management and process system from Ecuador. A security vulnerability exists in Ecuador Quipux versions 4.0.1 through e1774ac, which stems from unvalidated parameters in multiple files and could lead to an SQL injection attack...

CVSS 9.9 | AI score 7.8 | EPSS 0.00456
Exploits: 0 | References: 2
Cvelist
added 2025/11/05 12:0 a.m. | 8 views

CVE-2025-55343

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txtdepecodi, busqueda/busqueda.php txtusuacodi, anexoslista.php raditemp, Administracion/listas/formAreaajax.php codDepe, Administracion/listas/formDepeHijoajax.php codDepe,...

EPSS 0.00456
Exploits: 0 | References: 2
CNVD
added 2025/11/05 12:0 a.m. | 6 views

WordPress MasterStudy LMS plugin SQL Injection Vulnerability

WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...

CVSS 7.6 | AI score 8.2 | EPSS 0.00233
Exploits: 0 | References: 1
CNVD
added 2025/11/05 12:0 a.m. | 8 views

Revive Adserver SQL Injection Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

CVSS 8.8 | AI score 8 | EPSS 0.00964
Exploits: 1 | References: 1
Tenable Nessus
added 2025/11/04 12:0 a.m. | 6 views

Tenable Identity Exposure < 3.77.14 Multiple Vulnerabilities (TNS-2025-23)

The version of Tenable Identity Exposure (formerly Tenable.ad) installed on the remote host is prior to 3.77.14. It therefore contains vulnerable versions of third-party components (.NET, SQL Server, and curl). Tenable has upgraded these components to address the potential impact of the issues,...

CVSS 9.9 | AI score 8.3 | EPSS 0.66258
Exploits: 6 | References: 9
EUVD
added 2025/11/03 3:2 a.m. | 6 views

EUVD-2025-37469

A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function deletepayment of the file /adminclass.php. This manipulation of the argument ID causes SQL injection. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 5.8 | AI score 6.5 | EPSS 0.00336
Exploits: 1 | References: 7