ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability (CNVD-2025-29927)

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability, the vulnerability is due to insufficient input validation. An attacker can...

WordPress plugin JetSearch SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

Esri ArcGIS Server SQL注入漏洞

Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. An SQL injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4, and 11.5 that originates from unauthenticated input for a specific ArcGIS element service...

WordPress plugin Advanced Coupons for WooCommerce Coupons SQL注入漏洞

WordPress Advanced Coupons for WooCommerce Coupons plugin is a free plugin designed for WooCommerce to enhance e-commerce marketing by extending coupon functionality. WordPress Advanced Coupons for WooCommerce Coupons plugin suffers from a SQL injection vulnerability that stems from the...

WordPress Plugin AnyComment 安全漏洞

WordPress AnyComment plugin is a WordPress comment plugin based on React development, focusing on simplicity and speed. It provides basic commenting functionality and supports seamless migration from other plugins e.g. Jetpack, wpDiscuz, etc. and can be supported through GitHub or VK community...

PT-2025-43154

Name of the Vulnerable Software and Affected Versions Alexander AnyComment versions through 0.3.6 Description A flaw exists in Alexander AnyComment that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command. This could allow an attacker t...

CVE-2025-53053

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVE-2025-9428 SQL Injection

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api...

CVE-2025-26392

SolarWinds Observability Self-Hosted is affected by CVE-2025-26392: an SQL injection vulnerability that can disclose sensitive data when authenticated from a low-privilege account. The issue affects the product as described in multiple sources (NVD, Red Hat/CIRCL/CVE lists and related advisories)...

WordPress TARIFFUXX plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...

EUVD-2025-35101

There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...

CVE-2025-8052 HQL Injection vulnerability has been discovered in Opentext Flipper.

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

CVE-2025-60514

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...

CVE-2025-47902

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5...

CVE-2025-47902 SQL Injection in web resource

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5...

CVE-2025-11691

The CVE-2025-11691 entry concerns the PPOM – Product Addons & Custom Fields for WooCommerce WordPress plugin. A SQL Injection exists in PPOM_Meta::get_fields_by_id() for all versions up to 33.0.15 due to insufficient escaping of user input and inadequate query preparation. The vulnerability is ex...

CVE-2025-62422 DataEase SQL injection vulnerability

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...

Centreon Web SQL Injection Vulnerability (CNVD-2025-24418)

Centreon Web is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. A security vulnerability exists in Centreon Web, which originates from an SQL injection on the Meta...

EUVD-2025-34799

SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter...

CVE-2025-56700

Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low level priviliged user that has access to the platform, to execute arbitrary SQL commands via the datafine parameter...