8271 matches found

Tenable Nessus
added 2025/08/10 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-24368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Some of the data stored in automationtreerules.php is not thoroughly checked and is used to...

CVSS 7.5, AI score 8.2, EPSS 0.00492
Exploits: 1, References: 2

RedhatCVE
added 2025/08/09 12:23 a.m., 9 views

CVE-2025-54788

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...

CVSS 8.8, AI score 7.6, EPSS 0.00379
Exploits: 0, References: 1

RedhatCVE
added 2025/08/09 12:23 a.m., 7 views

CVE-2023-41530

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the appcontact parameter in appsearch.php...

CVSS 9.8, AI score 8, EPSS 0.00328
Exploits: 0, References: 1

CNNVD
added 2025/08/09 12:00 a.m., 4 views

CesiumLab Web Injection Vulnerability

CesiumLab Web is a geographic information base data processing platform from China Earth Visualization Laboratory CesiumLab Inc. An injection vulnerability exists in CesiumLab Web 4.0 and earlier versions, which stems from a misuse of a parameter ID resulting in SQL injection...

CVSS 7.5, AI score 7.8, EPSS 0.00292
Exploits: 0, References: 4

OSV
added 2025/08/08 12:15 a.m., 3 views

CVE-2025-8702

A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to...

CVSS 8.8, AI score 5.7, EPSS 0.00306
Exploits: 1, References: 4

CNNVD
added 2025/08/08 12:00 a.m., 3 views

Wanzhou WOES Intelligent Optimization Energy Saving System Injection Vulnerability

Wanzhou WOES Intelligent Optimization Energy Saving System is an Intelligent Optimization Energy Saving System from the Chinese company Wanzhou. An injection vulnerability exists in version 1.0 of the Wanzhou WOES Intelligent Optimization Energy Saving System, which is caused by incorrect operati...

CVSS 8.8, AI score 7.1, EPSS 0.00306
Exploits: 1, References: 6

Vulnrichment
added 2025/08/08 12:00 a.m., 5 views

CVE-2025-50468

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

AI score 6.8, EPSS 0.00278
Exploits: 1, References: 3

CNNVD
added 2025/08/08 12:00 a.m., 4 views

Easy Hosting Control Panel EHCP Security Vulnerability

Easy Hosting Control Panel EHCP is a hosting control panel from Easy Hosting Control Panel, Inc. A security vulnerability exists in Easy Hosting Control Panel EHCP version v20.04.1.b. The vulnerability stems from an unfiltered id parameter in the Change Settings feature, which could lead to a SQL...

CVSS 4.8, AI score 7.5, EPSS 0.00221
Exploits: 2, References: 3

BDU FSTEC
added 2025/08/08 12:00 a.m., 5 views

A vulnerability in FortiWeb web application firewalls, related to the lack of protective measures for SQL query structures, allows attackers to disclose protected information.

The vulnerability in FortiWeb web application firewalls is related to the lack of protective measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

CVSS 4, AI score 5.5, EPSS 0.00392
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2025/08/08 12:00 a.m., 10 views

OpenMetadata Security Vulnerability

OpenMetadata is an open source unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.4 and earlier versions, which stems from an unvalidated...

CVSS 6.5, AI score 7.4, EPSS 0.00278
Exploits: 1, References: 4

Vulnrichment
added 2025/08/08 12:00 a.m., 19 views

CVE-2025-50465

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...

CVSS 7.1, AI score 6.8, EPSS 0.00296
Exploits: 0, References: 3

CVE
added 2025/08/08 12:00 a.m., 41 views

CVE-2025-52914

CVE-2025-52914 affects Mitel MiCollab, specifically the Suite Applications Services component, with a SQL injection flaw caused by insufficient input validation. Affected software: MiCollab 10.0 through SP1 FP1 (10.0.1.101). The CVE describes that an authenticated attacker could run arbitrary SQL...

CVSS 8.8, AI score 8.2, EPSS 0.00571
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2025/08/08 12:00 a.m., 13 views

OpenMetadata Security Vulnerability

OpenMetadata is an open source unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.4 and earlier versions, which stems from an unvalidated...

CVSS 8.8, AI score 7.5, EPSS 0.00296
Exploits: 0, References: 4

Cvelist
added 2025/08/08 12:00 a.m., 16 views

CVE-2025-52914

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...

EPSS 0.00571
Exploits: 1, References: 2

Gitee
added 2025/08/07 9:07 p.m., 112 views

Cybersecurity

This repository appears to be a Burp Suite extension for fast JSON scanning, version 2.2.2, built for JDK 1.8. The extension is designed to scan JSON data in Burp's proxy history and...

AI score 7
Exploits: 0

CNNVD
added 2025/08/07 12:00 a.m., 5 views

Student Attendance Management System Security Vulnerability

Student Attendance Management System is a student attendance management system developed by rickxy. A security vulnerability exists in Student Attendance Management System v1. The vulnerability stems from SQL injection due to incorrect manipulation of the classId and classArmName parameters in th...

CVSS 8.8, AI score 7.6, EPSS 0.00281
Exploits: 0, References: 2

CNNVD
added 2025/08/06 12:00 a.m., 3 views

WordPress plugin CleverReach Injection Vulnerability

WordPress CleverReach is a cloud-based enterprise email marketing software that supports integration with WordPress, WooCommerce and other platforms, providing automated marketing, personalized email delivery, A/B testing and more. WordPress CleverReach suffers from a SQL injection vulnerability...

CVSS 7.5, AI score 8.1, EPSS 0.00464
Exploits: 0, References: 3

CNNVD
added 2025/08/06 12:00 a.m., 4 views

WordPress plugin FileBird SQL Injection Vulnerability

WordPress FileBird is a media library management plugin designed for WordPress to help users efficiently organize and manage their media files by providing features such as an intuitive folder system, drag-and-drop operation, search function and batch upload. WordPress FileBird suffers from a SQL...

CVSS 6.5, AI score 7.7, EPSS 0.00343
Exploits: 0, References: 3

Hacker One
added 2025/08/05 4:15 p.m., 9 views

HackerOne: DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API

The GraphQL API's 'verifyAccountRecoveryPhoneNumber' mutation was found to be vulnerable to denial-of-service attacks through mutation aliasing. The vulnerability allowed multiple aliases of the same mutation to be included in a single request, causing the server to process each mutation...

AI score 5.8
Exploits: 0

BDU FSTEC
added 2025/08/05 12:00 a.m., 5 views

A vulnerability in the WeGIA web manager's script /html/saude/profile_paciente.php, which allows a hacker to disclose confidential information

The vulnerability in the WeGIA web manager's script /html/saude/profile_paciente.php is related to the failure to protect the SQL query structure when processing the parameter idfuncionario. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose confidential informati...

CVSS 9.9, AI score 5.6, EPSS 0.00371
Exploits: 1, References: 4, Affected Software: 1