Siemens SmartClient modules Opcenter QL Home 安全漏洞

Siemens SmartClient modules Opcenter QL Home is a client module from Siemens Germany. A security vulnerability exists in Siemens SmartClient modules Opcenter QL Home, which originates from the display of SQL statements in error messages and could lead to information disclosure...

PT-2025-32675 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.8.8008 Description: A SQL injection issue exists in Ivanti Avalanche. A remote authenticated attacker with admin privileges can execute arbitrary SQL queries. In certain conditions, this can also lead to...

PT-2025-32773 · Microsoft · Sql Server

Name of the Vulnerable Software and Affected Versions: SQL Server affected versions not specified Description: The software contains an improper neutralization of special elements used in an SQL command, leading to a potential SQL injection issue. This allows an authorized attacker to elevate...

Ivanti Avalanche SQL注入漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti for managing mobile devices such as smartphones and tablets. Ivanti Avalanche suffers from a SQL injection vulnerability that originates when the program does not properly validate user-entered SQL statements, which can...

CVE-2025-55156

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

CVE-2025-8865

The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service...

BIT-LIBPHP-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

SQL Injection Vulnerability in Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.

Gansu Province Dangerous Goods Depot Monitoring Platform is a digital management system for real-time monitoring of dangerous goods storage and transportation. There is a SQL injection vulnerability in the Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.,...

PT-2025-32592 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev91 Description: pyLoad, a free and open-source Download Manager written in pure Python, contains a SQL Injection issue in the add links parameter of the /json/add package API endpoint. This allows attackers...

CVE-2025-8809

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVE-2025-8809 code-projects Online Medicine Guide addelidetails.php sql injection

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

CVE-2025-50465

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...

Linux Distros Unpatched Vulnerability : CVE-2025-24368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Some of the data stored in automationtreerules.php is not thoroughly checked and is used to...

CVE-2025-54788

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...

CVE-2023-41530

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the appcontact parameter in appsearch.php...

CesiumLab Web 注入漏洞

CesiumLab Web is a geographic information base data processing platform from China Earth Visualization Laboratory CesiumLab Inc. An injection vulnerability exists in CesiumLab Web 4.0 and earlier versions, which stems from a misuse of a parameter ID resulting in SQL injection...

CVE-2025-8702

A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to...

Wanzhou WOES Intelligent Optimization Energy Saving System 注入漏洞

Wanzhou WOES Intelligent Optimization Energy Saving System is an Intelligent Optimization Energy Saving System from the Chinese company Wanzhou. An injection vulnerability exists in version 1.0 of the Wanzhou WOES Intelligent Optimization Energy Saving System, which is caused by incorrect operati...

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...