686 matches found

Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51317

Name of the Vulnerable Software and Affected Versions anirbandutta9 NEWS-BUZZ version 1.0 Description A SQL injection flaw exists in anirbandutta9 NEWS-BUZZ version 1.0. This allows a remote attacker to execute arbitrary code by using a crafted script. The vulnerability is due to insufficient inp...

CVSS 5.3 | AI score 8.3 | EPSS 0.00493
Exploits: 1 | References: 6

CNNVD
added 2025/12/15 12:0 a.m. | 3 views

ketr JEPaaS SQL injection vulnerability

ketr JEPaaS is a low-code rapid development platform open-sourced by China's ketr ketr. A SQL injection vulnerability exists in ketr JEPaaS 7.2.8 and earlier versions, which stems from incorrect manipulation of the parameter keyWord in the file /je/postil/postil/readAllPostil, which could lead to...

CVSS 5.8 | AI score 5.7 | EPSS 0.00206
Exploits: 0 | References: 4

NVD
added 2025/12/14 4:15 p.m. | 4 views

CVE-2025-14666

A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVSS 9.8 | EPSS 0.00333
Exploits: 1 | References: 5

CVE
added 2025/12/14 3:32 a.m. | 11 views

CVE-2025-14644

CVE-2025-14644 affects itsourcecode Student Management System 1.0. The vulnerability is an SQL injection in the /update_subject.php file triggered by manipulating the ID parameter, exploitable remotely. Public exploits exist per sources, and multiple feeds (NVD, Red Hat, EUVD, CNNVD, CVE records)...

CVSS 9.8 | AI score 6.7 | EPSS 0.00333
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/12/14 12:0 a.m. | 5 views

CampCodes Supplier Management System SQL injection vulnerability

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter chkId in the file /admin/viewunit.php, which could lead t...

CVSS 9.8 | AI score 7.8 | EPSS 0.00333
Exploits: 1 | References: 6

EUVD
added 2025/12/13 6:30 p.m. | 3 views

EUVD-2025-203261

A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 7.5 | AI score 6.6 | EPSS 0.00379
Exploits: 1 | References: 6

CNNVD
added 2025/12/13 12:0 a.m. | 4 views

Code-Projects Prison Management System SQL injection vulnerability

Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search.php. An attacker can exploit this...

CVSS 8.8 | AI score 7 | EPSS 0.00301
Exploits: 1 | References: 6

OSV
added 2025/12/12 4:15 p.m. | 4 views

CVE-2025-14566

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initia...

CVSS 9.8 | AI score 5.7 | EPSS 0.0035
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50720

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 7.6 | AI score 7.2 | EPSS 0.00306
Exploits: 0 | References: 2

Cvelist
added 2025/12/10 11:37 p.m. | 33 views

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

CVSS 7.3 | EPSS 0.00237
Exploits: 2 | References: 2

Vulnrichment
added 2025/12/09 2:13 p.m. | 1 views

CVE-2025-67520 WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tiny Solutions Media Library Tools (media-library-tools) allows SQL Injection. This issue affects Media Library Tools: from n/a through <= 1.6.15...

CVSS 7.6 | AI score 7.3 | EPSS 0.00283
Exploits: 0 | References: 1

EUVD
added 2025/12/08 7:32 a.m. | 4 views

EUVD-2025-201693

A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /printpersonnelreport.php. This manipulation of the argument perid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 6.5 | AI score 6.4 | EPSS 0.0026
Exploits: 1 | References: 7

OSV
added 2025/12/08 5:16 a.m. | 5 views

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 9.8 | AI score 5.8 | EPSS 0.00326
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/08 12:0 a.m. | 6 views

PT-2025-49539

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security issue exists in itsourcecode Student Management System 1.0. The issue affects code within the /edit user.php file. Manipulation of the fname argument can lead to a SQL...

CVSS 9.8 | AI score 7.5 | EPSS 0.00326
Exploits: 1 | References: 11

EUVD
added 2025/12/05 3:32 p.m. | 5 views

EUVD-2025-201425

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.8 | AI score 6.3 | EPSS 0.00283
Exploits: 1 | References: 5

CVE
added 2025/12/05 6:43 a.m. | 14 views

CVE-2025-12850

CVE-2025-12850 concerns the WordPress plugin “My auctions allegro”. It affects all versions up to and including 3.6.32 and enables a malicious actor to exploit an unauthenticated SQL Injection via the auction_id parameter. The root cause is insufficient escaping of user input and lack of proper q...

CVSS 7.5 | AI score 6.4 | EPSS 0.00273
Exploits: 0 | References: 2

OSV
added 2025/12/04 11:29 p.m. | 5 views

MGASA-2025-0320 Updated python-django packages fix security vulnerabilities

Potential SQL injection in FilteredRelation column aliases on PostgreSQL. CVE-2025-13372 Potential denial-of-service vulnerability in XML serializer text extraction. CVE-2025-64460...

CVSS 7.5 | AI score 8 | EPSS 0.02106
Exploits: 0 | References: 3

RedhatCVE
added 2025/12/04 4:15 a.m. | 12 views

CVE-2025-13495

The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 1

CNNVD
added 2025/12/04 12:0 a.m. | 4 views

Advantech iView SQL injection vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...

CVSS 8.7 | AI score 7.5 | EPSS 0.0038
Exploits: 0 | References: 3

EUVD
added 2025/12/02 6:30 p.m. | 4 views

EUVD-2025-200279

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the 'docid' parameter at /admin/appointment.php...

AI score 7.2 | EPSS 0.00344
Exploits: 1 | References: 3