3942 matches found
CVE-2025-2050
A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to SQL injection. The attack can be launched...
CVE-2025-2067
A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to SQL injection. The attack may be initiated remotely. The exploit has been...
Fedora 40 : exim (2025-e694138ac5)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e694138ac5 advisory. This is an update fixing possible remote SQL injection. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
CVE-2025-1840
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to SQL injection. The attack may be launched...
CVE-2025-1832
CVE-2025-1832 affects the function getUserList in src/main/java/com/futvan/z/system/zrole/ZroleAction.java of zj1983 zz up to 2024-8. The vulnerability arises from manipulation of the roleid argument, leading to SQL injection. Exploitation is network-accessible and was disclosed publicly, enablin...
CVE-2025-1812
A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to SQL injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-1576
A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajaxstate.php. The manipulation of the argument StateName as part of String leads to SQL injection. The attack can ...
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
DEBIAN-CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
UBUNTU-CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...
SUSE CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
Exim < 4.98.1 SQL injection
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
CVE-2025-1374
CVE-2025-1374 affects code-projects Real Estate Property Management System 1.0. The vulnerability is in /search.php where manipulating parameters StateName, CityName, AreaName, or CatId allows SQL injection. It can be exploited remotely and the exploit has been disclosed publicly. Remediation/mit...
CVE-2025-1224
CVE-2025-1224 affects the ywoa system (up to 2024.07.03) with an SQL injection in the function listNameBySql of com/cloudweb/oa/mapper/xml/UserMapper.xml. The vulnerability arises from how the SQL is constructed in listNameBySql, allowing remote attackers to manipulate queries. Public disclosures...
EsafeNet CDG Security Vulnerability
EsafeNet CDG is a document security management system from EsafeNet China. A security vulnerability exists in EsafeNet CDG version 5.6.3.154.20520250114, which originates from SQL injection and can be remotely exploited to manipulate the safetyGroupId parameter in the addPolicyToSafetyGroup.jsp...
CVE-2025-0210
A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to SQL injection. The attack can be...
CyberoamOS (CROS) SQL Injection Vulnerability
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...