
8272 matches found

OSV
added 2025/07/28 2:4 p.m. | 3 views

CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

CVSS 8.7 | AI score 6 | EPSS 0.00415 | Exploits 0 | References 3
OSV
added 2025/07/28 11:15 a.m. | 4 views

CVE-2025-8273

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/updates8.php. The manipulation of the argument credits leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 | AI score 5.8 | EPSS 0.00454 | Exploits 1 | References 5
OSV
added 2025/07/28 1:15 a.m. | 4 views

CVE-2025-8250

A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/updates4.php. The manipulation of the argument credits leads to SQL injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9.8 | AI score 5.7 | EPSS 0.00479 | Exploits 1 | References 5
BDU FSTEC
added 2025/07/28 12:0 a.m. | 5 views

The vulnerability of the Mattermost instant messaging application, related to the failure to protect the SQL query structure, allows unauthorized access to the database.

The vulnerability of the Mattermost instant messaging application is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to the database...

CVSS 9.6 | AI score 5.6 | EPSS 0.00408 | Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2025/07/28 12:0 a.m. | 4 views

Code-Projects Exam Form Submission Injection Vulnerability

Code-Projects Exam Form Submission is an open source exam form from Code-Projects. An injection vulnerability exists in code-projects Exam Form Submission version 1.0, which originates from SQL injection due to manipulation of the parameter ID in the file /admin/deletes3.php...

CVSS 9.8 | AI score 7.7 | EPSS 0.00454 | Exploits 1 | References 6
CNNVD
added 2025/07/28 12:0 a.m. | 5 views

Code-Projects Exam Form Submission Injection Vulnerability

Code-Projects Exam Form Submission is an open source exam form from Code-Projects. An injection vulnerability exists in Code-Projects Exam Form Submission version 1.0, which originates from SQL injection due to manipulation of the parameter ID in the file /admin/deletes2.php...

CVSS 9.8 | AI score 7.7 | EPSS 0.00454 | Exploits 1 | References 6
CNNVD
added 2025/07/28 12:0 a.m. | 4 views

GitLab Language Server Access Control Error Vulnerability

GitLab Language Server is a language server from GitLab USA. An access control error vulnerability exists in GitLab Language Server versions prior to 7.6.0 through 7.30.0 that stems from insufficient input validation and could lead to arbitrary GraphQL query execution...

CVSS 9.8 | AI score 6.8 | EPSS 0.00415 | Exploits 0 | References 2
OSV
added 2025/07/27 6:15 p.m. | 1 views

CVE-2025-8236

A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/editproduct.php. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has...

CVSS 9.8 | AI score 5.8 | EPSS 0.00498 | Exploits 1 | References 5
CNNVD
added 2025/07/27 12:0 a.m. | 3 views

Engeman Web SQL Injection Vulnerability

Engeman Web is a maintenance management software from the Brazilian company Engeman. A SQL injection vulnerability exists in Engeman Web version 12.0.0.1 and earlier, which originates from an SQL injection caused by the parameter LanguageCombobox in the file /Login/RecoveryPass...

CVSS 9.4 | AI score 7.8 | EPSS 0.00588 | Exploits 2 | References 7
CNNVD
added 2025/07/26 12:0 a.m. | 6 views

CampCodes Courier Management System Injection Vulnerability

CampCodes Courier Management System is a courier management system from CampCodes Philippines. An injection vulnerability exists in Campcodes Courier Management System version 1.0, which originates from an SQL injection caused by the parameter ID in the file /editparcel.php...

CVSS 8.8 | AI score 7 | EPSS 0.00382 | Exploits 0 | References 6
CNVD
added 2025/07/25 12:0 a.m. | 6 views

WeGIA SQL Injection Vulnerability (CNVD-2025-17268)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/profiledependente.php endpoint iddependente parameter. An attacker could exploit this...

CVSS 9.4 | AI score 8.2 | EPSS 0.00458 | Exploits 1 | References 1
CNVD
added 2025/07/25 12:0 a.m. | 3 views

WeGIA SQL Injection Vulnerability (CNVD-2025-17264)

WeGIA is a web manager for welfare organizations from the individual developer Nilson Lazarin. WeGIA suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/dependenteeditarEndereco.php endpoint...

CVSS 9.4 | AI score 8.3 | EPSS 0.00458 | Exploits 1 | References 1
CNVD
added 2025/07/25 12:0 a.m. | 3 views

Online Appointment Booking System addmanagerclinic.php File SQL Injection Vulnerability

Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file /admin/addmanagerclinic.php...

CVSS 9.8 | AI score 8.3 | EPSS 0.00394 | Exploits 1 | References 1
CNVD
added 2025/07/25 12:0 a.m. | 3 views

WordPress Traveler plugin SQL Injection Vulnerability

WordPress Traveler plugin is a WordPress plugin designed for the travel industry, mainly used to create travel and trekking websites, support online booking system, itinerary management and other features. WordPress Traveler plugin suffers from a SQL injection vulnerability that stems from the...

CVSS 9.3 | AI score 8.3 | EPSS 0.00371 | Exploits 0 | References 1
CNVD
added 2025/07/25 12:0 a.m. | 3 views

WeGIA SQL Injection Vulnerability (CNVD-2025-17261)

WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter cargo in the /controle/control.php endpoint. An attacker can exploit this vulnerability to execute illeg...

CVSS 9.8 | AI score 8.3 | EPSS 0.00462 | Exploits 1 | References 1
CNVD
added 2025/07/25 12:0 a.m. | 3 views

Online Appointment Booking System deletedoctorclinic.php File SQL Injection Vulnerability

Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file /admin/deletedoctorclinic.ph...

CVSS 9.8 | AI score 8.3 | EPSS 0.00394 | Exploits 1 | References 1
CNNVD
added 2025/07/25 12:0 a.m. | 4 views

itsourcecode Insurance Management System Security Vulnerability

itsourcecode Insurance Management System is an insurance management system from itsourcecode open source. A security vulnerability exists in version 1.0 of itsourcecode Insurance Management System, which is caused by a SQL injection due to incorrect manipulation of the agentid parameter in the fi...

CVSS 8.8 | AI score 6.8 | EPSS 0.00396 | Exploits 1 | References 6
CNNVD
added 2025/07/25 12:0 a.m. | 4 views

CloudClassroom-PHP-Project Security Vulnerability

CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project version 1.0, which stems from an unvalidated viewid parameter that could lead to SQL injection...

CVSS 6.5 | AI score 7.3 | EPSS 0.00314 | Exploits 2 | References 2
CNNVD
added 2025/07/24 12:0 a.m. | 3 views

XWiki Platform SQL Injection Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A SQL injection vulnerability exists in XWiki Platform versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, which stems from a misbehavior of the parameter sort in...

CVSS 9.8 | AI score 7.7 | EPSS 0.8541 | Exploits 6 | References 5
BDU FSTEC
added 2025/07/24 12:0 a.m. | 4 views

Vulnerability of the NetworkServlet.archiveTrapRange() function in the system for centrally managing network devices and ports of Advantech iView. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the NetworkServlet.archiveTrapRange function in the system for managing network devices and ports of Advantech iView is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 9 | AI score 6 | EPSS 0.005 | Exploits 0 | References 3