EUVD-2025-33342

Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the quote function that fails to properly escape special characters. An attacker can execute arbitrary SQL commands by supplying specially crafted input values for database name or table names. Remediation Upgrade...

CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

API Attack Awareness: Injection Attacks in APIs – Old Threat, New Surface

Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the core weakness, trusting user inputs too much, keeps resurfacing in new forms. As organizations have shifted to API-driven architectures and integrated AI systems that consume...

CVE-2025-10862 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id'

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1.3. This is due to insufficient escaping on the 'id' parameter and lack of sufficient preparation on...

EUVD-2025-33261

A security flaw has been discovered in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/users/register-complaint.php. Performing manipulation of the argument cid results in sql injection. It is possible to initiate the attack remotely. The explo...

PT-2025-41464

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A SQL injection issue exists in code-projects E-Commerce Website 1.0. The issue is present in an unknown function within the /pages/user index search.php file. Manipulation of the Search...

PT-2025-41459

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description The software is susceptible to SQL Injection in the 'admin/view customer.php' file through the ID parameter. This allows for potential unauthorized access or modification ...

Apache Flink CDC SQL注入漏洞

Apache Flink CDC is a real-time data capture framework from the Apache Foundation. An SQL injection vulnerability exists in Apache Flink CDC version 3.4.0, which stems from improper handling of specially crafted identifiers such as database names or table names, which could lead to SQL injection...

CVE-2025-60316

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/viewcustomer.php via the ID parameter...

CVE-2025-60267

In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...

CVE-2025-60266

In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability...

PT-2025-41443

Name of the Vulnerable Software and Affected Versions xckk version 9.6 Description The software contains a SQL injection issue due to insufficient filtering of the orderBy parameter within the ''/address/list'' API endpoint. This allows for potential unauthorized database access or modification...

PT-2025-41463

Name of the Vulnerable Software and Affected Versions ProjectWorlds Gate Pass Management System version 1.0 Description A SQL injection issue exists in the handling of the fullname parameter within the /add-pass.php script. Manipulation of this parameter can allow an attacker to inject malicious...

CVE-2025-60265

The CVE-2025-60265 issue affects xckk v9.6 and is caused by insufficient filtering of the orderBy parameter in the /user/list endpoint, enabling SQL injection. The vulnerability is documented across multiple sources (e.g., Red Hat CVE page, EUVD/ENISA entries, and PT-2025-41411) with a described ...

CVE-2025-11507

A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made...

django: Django SQL injection in FilteredRelation column aliases

An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

CVE-2025-11486

A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...

CVE-2025-11479

A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of the argument number leads to sql injection. The attack can be executed remotely. The exploit has been...