CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

Pet-grooming-management-print-payment.php-v.1.0-Unauthorized-sql-injection

Pet-grooming-management-prin...

CVE-2025-10421

A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /updateaccount.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

PHPGurukul User Management System SQL注入漏洞

User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emailid in the file /login.php. An attacker can exploit this vulnerability to...

PHPGurukul Online Discussion Forum 安全漏洞

Online Discussion Forum is an online forum. Online Discussion Forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/editmember.php. An attacker can exploit this vulnerability to...

PT-2025-38154

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A SQL injection flaw exists in the /admin/delete student.php file due to manipulation of the stud id argument. This issue is remotely exploitable. The exploit has...

PT-2025-38144

Name of the Vulnerable Software and Affected Versions Yordam Informatics Yordam Library Automation System versions 21.5 through 21.6 Description The Yordam Library Automation System is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command...

CVE-2025-10564 Campcodes Grocery Sales and Inventory System ajax.php sql injection

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=deletecategory. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2024-13174

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in E1 Informatics Web Application allows SQL Injection. This issue affects Web Application: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the...

CVE-2024-13174

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in E1 Informatics Web Application allows SQL Injection. This issue affects Web Application: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the...

CVE-2025-52044

In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...

CVE-2025-7744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dolusoft Omaspot allows SQL Injection. This issue affects Omaspot: before 12.09.2025...

oasys 安全漏洞

oasys is an OA office automation system by the individual developer misstt123. A security vulnerability exists in oasys version 1.1, which stems from a misuse of the parameter aleph in the file src/main/Java/cn/gson/oasys/controller/address/AddrController, which could lead to an SQL injection...

PT-2025-38081

Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A vulnerability exists in Campcodes Grocery Sales and Inventory System 1.0. The issue is related to SQL injection within an unknown function of the file...

PT-2025-37913

Name of the Vulnerable Software and Affected Versions: SINAV.LINK Exam Result Module versions prior to 1.2 Description: An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability exists in the SINAV.LINK Exam Result Module. This issue allows for SQL...

CVE-2025-57631

TDuckCloud CVE-2025-57631 is a SQL injection affecting TDuckCloud v5.1 through the file-upload module, enabling a remote attacker to execute arbitrary code. The CVE’s metrics show a high-severity, network-exploitable impact with no user interaction required. The available connected documents conf...

CVE-2025-10477

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched...

CVE-2025-10459

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remotely. The exploit has been released to the...

GHSA-2GG8-85M5-8R2P Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

CVE-2025-10436

A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. The impacted element is an unknown function of the file /pages/supsearchfrm.php?action=edit. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit...