WordPress Listeo-Core Plugin < 2.0.7 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin Listeo Core versions 2.0.7...
CVE-2025-54726
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection. This issue affects JS Archive List: from n/a through 6.1.6...
CVE-2025-49406
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1...
CVE-2025-54726
CVE-2025-54726 affects the WordPress plugin jquery-archive-list-widget (JS Archive List). Nuclei template and Patchstack/NVD entries indicate an SQL Injection in JS Archive List <= 6.1.5 (up to
WordPress plugin JS Archive List SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
Online Medicine Guide browsemdcn.php File SQL Injection Vulnerability
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter Search in the file /browsemdcn.php. The vulnerability can be exploited by an attacker to...
PT-2025-34022
Name of the Vulnerable Software and Affected Versions: JS Archive List (affected versions not specified). Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command vulnerability, which allows for SQL Injection. Recommendations: At the moment, there is n...
PT-2025-34074 · Frappé Technologies · Frappe
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2; Frappe versions prior to 14.96.15. Description: Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to via SQL injection...
D-Link DIR-818L Injection Vulnerability
The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...
Linux Distros Unpatched Vulnerability : CVE-2022-27387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL...
Linux Distros Unpatched Vulnerability : CVE-2022-27379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS)...
Linux Distros Unpatched Vulnerability : CVE-2022-27377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup, which is exploited via specially crafted SQL...
Linux Distros Unpatched Vulnerability : CVE-2022-27380
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via...
CVE-2025-9156
The CVE-2025-9156 entry concerns itsourcecode Sports Management System 1.0. The issue is a SQL injection in /Admin/sports.php, triggered by manipulating the code parameter in an unknown function. Reports across multiple sources indicate remote exploitation is possible and that the exploit has bee...
CVE-2025-51506
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...
CVE-2025-9140 Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection
A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to SQL injection. It is possible t...
CVE-2025-7670
CVE-2025-7670 – JS Archive List (WordPress) is a time-based SQL injection in the build_sql_where() path of all versions up to 6.1.5, due to insufficient escaping and query prep. This allows unauthenticated attackers to append SQL to existing queries and potentially leak sensitive data. Mitigation...
Moonshine Security Vulnerability
Moonshine is an open source admin panel. A security vulnerability exists in Moonshine version v3.12.5, which stems from a parameter injection and could lead to an SQL injection attack...
CVE-2025-50567
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare function, which uses preg_replace with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code...
CVE-2025-50926
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function...