CVE-2025-11032 kidaze CourseSelectionSystem COUNT3s6.php sql injection

A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql injection. The attack may be performed from...

CVE-2025-60118

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through = 5.9.0...

CVE-2025-60109

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through = 3.8...

CVE-2025-10867

CVE-2025-10867 affects GitLab CE/EE and can allow an authenticated user to cause a denial-of-service by repeatedly hitting an unprotected GraphQL API. Affected versions are GitLab 18.1 up to but not including 18.2.7, 18.3 up to but not including 18.3.3, and 18.4 up to but not including 18.4.1. Th...

CVE-2025-60109 WordPress LambertGroup - AllInOne - Content Slider Plugin <= 3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through = 3.8...

CVE-2025-60108 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...

CVE-2025-60107 WordPress LambertGroup - AllInOne - Banner with Playlist Plugin <= 3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a...

PT-2025-39556

Name of the Vulnerable Software and Affected Versions LambertGroup - AllInOne - Content Slider versions through 3.8 Description The software contains a flaw related to improper handling of special characters within SQL commands, potentially leading to SQL Injection. This allows for Blind SQL...

WordPress plugin PGS Core SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

CVE-2025-10825

A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available...

CVE-2025-10857

A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

Hostel Management System index.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modamenities/index.php. An attacker can exploit this...

Hostel Management System Home Parameter SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Home in the file /justines/admin/modreports/index.php. An attacker can...

Online Bidding System index.php File SQL Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aduser in the file /administrator/index.php. An attacker can exploit this...

CVE-2025-58686

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection.This issue affects Perfect Brands for WooCommerce: from n/a through = 3.6.2...

CVE-2025-10184 OnePlus OxygenOS Telephony provider permission bypass

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information...

CVE-2025-10851

Campcodes Gym Management System 1.0 contains a SQL injection in the /ajax.php?action=login endpoint caused by manipulating the Username parameter. This is exploitable remotely, and multiple sources confirm that an exploit has been released publicly. The CVE-2025-10851 records impact to unknown fu...

CVE-2025-10848 Campcodes Society Membership Information System check_student.php sql injection

A vulnerability was identified in Campcodes Society Membership Information System 1.0. This issue affects some unknown processing of the file /checkstudent.php. Such manipulation of the argument studentid leads to sql injection. The attack may be performed from remote. The exploit is publicly...

CVE-2025-10845

A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2025-10846

A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...