Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the parameter “catalogid” in the file/kmc/savecatalog.jsp. This vulnerability may lead to SQL...

Devolutions Server security vulnerabilities

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.12 contained a security vulnerability due to SQL injection vulnerabilities...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of parameters named “ID” in the file/worksheet/worksaddplan.jsp. This vulnerability may lead to S...

Intern Membership Management System /add_admin.php File SQL Injection Vulnerability

Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter Username in the file /intern/admin/addadmin.php for externally entered SQL...

CVE-2026-1119

CVE-2026-1119 affects itsourcecode Society Management System 1.0. The vulnerability is in an unknown function of the file /admin/delete_activity.php, where manipulating the activity_id parameter can trigger a SQL injection. The attack can be launched remotely, and exploits have been published. Se...

Exploit for CVE-2025-67261

CVE-2025-67261 - Content-based blind SQL injection on Abacre R...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically the...

EUVD-2026-3145

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2025-14615

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...

Wolters Kluwer Kmaleon SQL injection vulnerability

Wolters Kluwer Kmaleon is an automated case management software developed by the German company Wolters Kluwer. Version 1.1.0.205 of Wolters Kluwer Kmaleon contains a SQL injection vulnerability. This vulnerability stems from the SQL injection in the tipocomb parameter of the kmaleonW.php file,...

PT-2026-3025

Name of the Vulnerable Software and Affected Versions Itflow versions through 25.06 Description An SQL injection issue exists in Itflow due to insufficient sanitization of integer parameters. Specifically, the "role id" parameter is vulnerable when editing a profile. An attacker with administrati...

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

CVE-2025-37183

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVE-2025-37183

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVE-2025-37181

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVE-2025-37181 Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVE-2025-37182 Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

HPE EdgeConnect SD-WAN Orchestrator 安全漏洞

HPE EdgeConnect SD-WAN Orchestrator is a centralized SD-WAN management platform from HPE America. It provides complete visibility and control over the WAN. A security vulnerability exists in HPE EdgeConnect SD-WAN Orchestrator that stems from a SQL injection in the web management interface, which...

WordPress plugin Shipping Rate By Cities SQL注入漏洞

WordPress Shipping Rate By Cities plugin is a plugin designed for WooCommerce stores running on WordPress websites. The WordPress Shipping Rate By Cities plugin suffers from a SQL injection vulnerability that stems from the escaping and underpreparation of the city parameter, which can be exploit...

PT-2026-2913

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...