
8253 matches found

RedhatCVE
added 2025/09/30 11:31 a.m. | 3 views

CVE-2025-6724

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...

CVSS 8.8 | AI score 7.4 | EPSS 0.00342
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/30 12:0 a.m. | 6 views

PT-2025-39990

Name of the Vulnerable Software and Affected Versions: Frappe ErpNext version 15.57.5. Description: The get income account function at erpnext/controllers/queries.py is susceptible to SQL Injection. An attacker can inject a SQL query into the filters.disabled parameter, potentially allowing extracti...

CVSS 6.5 | AI score 7.3 | EPSS 0.00243
Exploits: 1 | References: 7
CNNVD
added 2025/09/30 12:0 a.m. | 4 views

NVIDIA Delegated Licensing Service security vulnerability

NVIDIA Delegated Licensing Service is a licensing service from NVIDIA Corporation. A security vulnerability exists in NVIDIA Delegated Licensing Service, which stems from vulnerability to SQL injection attacks that could lead to a partial denial of service...

CVSS 4.6 | AI score 7.4 | EPSS 0.00201
Exploits: 0 | References: 3
ATTACKERKB
added 2025/09/29 12:59 p.m. | 6 views

CVE-2024-13150

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects fayton.Pro ERP: through 20250929...

CVSS 9.8 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 3
OSV
added 2025/09/29 12:15 p.m. | 5 views

CVE-2025-6724

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2025/09/29 11:29 a.m. | 21 views

CVE-2025-8868

Chef Automate is affected by CVE-2025-8868 for versions earlier than 4.13.295 on Linux x86. An authenticated attacker can access restricted functionality in the compliance service through SQL injection caused by improperly neutralized inputs using a well-known token. The NVD/NIST entry indicates ...

CVSS 9.8 | AI score 7.1 | EPSS 0.22827
In wild | Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/09/29 10:56 a.m. | 12 views

CVE-2025-11052

A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has...

CVSS 7.5 | AI score 7 | EPSS 0.00387
Exploits: 1 | References: 1
Positive Technologies
added 2025/09/29 12:0 a.m. | 4 views

PT-2025-39823

Name of the Vulnerable Software and Affected Versions: Chef Automate versions prior to 4.13.295. Description: Chef Automate versions earlier than 4.13.295 on Linux x86 are susceptible to a condition where an authenticated attacker can access restricted functionality. This is due to improperly...

CVSS 8.8 | AI score 6.6 | EPSS 0.00342
Exploits: 0 | References: 8
CNNVD
added 2025/09/29 12:0 a.m. | 4 views

Fayton fayton.pro ERP SQL injection vulnerability

Fayton fayton.pro ERP is an enterprise resource planning system from Fayton, Turkey. A SQL injection vulnerability exists in Fayton fayton.pro ERP 20250929 and earlier versions, which stems from improper neutralization of special elements and can lead to SQL injection attacks...

CVSS 9.8 | AI score 7.8 | EPSS 0.00328
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/29 12:0 a.m. | 4 views

PT-2025-39826

Name of the Vulnerable Software and Affected Versions: fayton.Pro ERP versions through 20250929. Description: A flaw exists in fayton.Pro ERP that allows for SQL Injection. This issue enables unauthorized access to the full database with minimal effort. The vulnerability is due to improper...

CVSS 9.8 | AI score 6.9 | EPSS 0.00328
Exploits: 0 | References: 6
CVE
added 2025/09/28 6:32 p.m. | 23 views

CVE-2025-11115

CVE-2025-11115 affects Code-Projects Simple Scheduling System 1.0, with the flaw located in addtime.php where manipulating starttime/endtime triggers SQL injection. Remote exploitation is possible and public exploits have been disclosed. Multiple sources (NVD/NVDC/CNVD/Red Hat feed) corroborate t...

CVSS 9.8 | AI score 6.6 | EPSS 0.00441
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2025/09/28 6:2 p.m. | 8 views

CVE-2025-11114 CodeAstro Online Leave Application leaveAplicationForm.php sql injection

A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence can lead to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00351
Exploits: 1 | References: 5
CVE
added 2025/09/28 5:32 p.m. | 22 views

CVE-2025-11113

CVE-2025-11113 affects CodeAstro Online Leave Application 1.0. The vulnerability is in /signup.php, where manipulating the city parameter results in SQL injection. The attack can be performed remotely and public exploits are known. Other parameters may also be affected. Several connected sources ...

CVSS 8.8 | AI score 6.8 | EPSS 0.00348
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/09/28 3:32 p.m. | 3 views

CVE-2025-11109 Campcodes Computer Sales and Inventory System us_edit.php sql injection

A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/usedit.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

CVSS 7.5 | AI score 6.8 | EPSS 0.00456
Exploits: 1 | References: 5
OSV
added 2025/09/28 1:15 p.m. | 4 views

CVE-2025-11104

A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 8.8 | AI score 5.8 | EPSS 0.00308
Exploits: 1 | References: 5
OSV
added 2025/09/28 8:15 a.m. | 2 views

CVE-2025-11102

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVSS 9.8 | AI score 5.8 | EPSS 0.00384
Exploits: 1 | References: 5
Vulnrichment
added 2025/09/28 7:32 a.m. | 5 views

CVE-2025-11102 Campcodes Online Learning Management System edit_content.php sql injection

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVSS 7.5 | AI score 6.7 | EPSS 0.00384
Exploits: 1 | References: 5
Cvelist
added 2025/09/28 7:2 a.m. | 13 views

CVE-2025-11101 itsourcecode Open Source Job Portal index.php sql injection

A security flaw has been discovered in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/company/index.php?view=edit. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has bee...

CVSS 7.5 | EPSS 0.00384
Exploits: 1 | References: 5
CNNVD
added 2025/09/28 12:0 a.m. | 3 views

CampCodes Advanced Online Voting Management System SQL injection vulnerability

CampCodes Advanced Online Voting Management System is an advanced online voting management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Advanced Online Voting Management System version 1.0, which stems from incorrect manipulation of the parameter ID in...

CVSS 9.8 | AI score 7.8 | EPSS 0.00441
Exploits: 1 | References: 6
CNNVD
added 2025/09/28 12:0 a.m. | 2 views

CourseSelectionSystem SQL injection vulnerability

CourseSelectionSystem is a simple online course selection system by the individual developer kidaze. CourseSelectionSystem suffers from a SQL injection vulnerability, which stems from an incorrect manipulation of the parameter cbranch in the file /Profilers/PriProfile/COUNT3s4.php, which could...

CVSS 9.8 | AI score 7.8 | EPSS 0.00387
Exploits: 1 | References: 5