EUVD-2024-1009
Malicious code in bioql PyPI...
EUVD-2022-30385
Malicious code in bioql PyPI...
PT-2025-37285
Name of the Vulnerable Software and Affected Versions: roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40 Description: A vulnerability exists in roncoo-pay that allows for direct request manipulation. The issue is related to the /auth/orderQuery file and an unknown function...
Linux Distros Unpatched Vulnerability : CVE-2024-1066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an...
The vulnerability of the software tools for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security monitoring and analysis tools FortiAnalyzer and FortiAnalyzer Cloud, stems from the lack of protective measures for the SQL query structure. This allows attackers to exploit the system to disclose sensitive information.
The vulnerability of the software solutions for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions of FortiAnalyzer and FortiAnalyzer Cloud, is related to the lack of protective measures for the SQL quer...
The vulnerability of the /html/atendido/Profile_Atendido.php script of the WeGIA web manager allows a perpetrator to disclose confidential information or cause service denial.
The vulnerability of the WeGIA web manager’s /html/atendido/ProfileAtendido.php script is related to the failure to protect the SQL query structure when processing the idatendido parameter. Exploiting this vulnerability can allow an attacker to disclose confidential information or cause service...
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Service Account Auditing service of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute arbitrary code.
The vulnerability of the Service Account Auditing service in the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of security measures for the SQL query structure. Exploitation of this vulnerability could allow a malicious actor to...
The vulnerability of the UnlockOpcSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the UnlockOpcSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...
The vulnerability of the GetTraces method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to bypass security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the GetTraces method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security restrictions, rea...
The vulnerability of the Service Account Audit Data component of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the “Service Account Audit Data” component of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker,...
CVE-2023-26021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...
CVE-2023-27352
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2021-38391
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...
CVE-2020-18081
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...
CVE-2020-14491
OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information...
CVE-2009-4439
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query...
CVE-2025-32968
CVE-2025-32968 affects XWiki Platform (org.xwiki.platform:xwiki-platform-oldcore): a user with SCRIPT right can escape the HQL context via the script query API and perform blind SQL injection. Affected versions span 1.6-milestone-1 up to but not including 15.10.16, 16.4.6, and 16.1...