
5734 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-27380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via...

CVSS 7.5 | AI score 7.8 | EPSS 0.02157
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/20 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2022-27387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL...

CVSS 7.5 | AI score 8.2 | EPSS 0.02342
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-27377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup, which is exploited via specially crafted SQL...

CVSS 7.5 | AI score 7.8 | EPSS 0.02227
Exploits: 1 | References: 2
CVE
added 2025/08/19 7:32 p.m. | 14 views

CVE-2025-9156

The CVE-2025-9156 entry concerns itsourcecode Sports Management System 1.0. The issue is a SQL injection in /Admin/sports.php, triggered by manipulating the code parameter in an unknown function. Reports across multiple sources indicate remote exploitation is possible and that the exploit has bee...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2025/08/19 5:15 p.m. | 9 views

CVE-2025-51506

In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...

CVSS 6.5 | EPSS 0.00291
Exploits: 0 | References: 3
Cvelist
added 2025/08/19 1:32 p.m. | 12 views

CVE-2025-9140 Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection

A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible t...

CVSS 6.5 | EPSS 0.00448
Exploits: 3 | References: 4
CVE
added 2025/08/19 7:26 a.m. | 24 views

CVE-2025-7670

CVE-2025-7670 – JS Archive List (WordPress) is a time-based SQL injection in the build_sql_where() path of all versions up to 6.1.5, due to insufficient escaping and query prep. This allows unauthenticated attackers to append SQL to existing queries and potentially leak sensitive data. Mitigation...

CVSS 7.5 | AI score 7.2 | EPSS 0.00465
Exploits: 0 | References: 5
CNNVD
added 2025/08/19 12:0 a.m. | 4 views

Moonshine Security Vulnerability

Moonshine is a MoonShine open source admin panel software. A security vulnerability exists in Moonshine version v3.12.5, which stems from a parameter injection and could lead to an SQL injection attack...

CVSS 4.9 | AI score 7.8 | EPSS 0.00455
Exploits: 2 | References: 4
Vulnrichment
added 2025/08/19 12:0 a.m. | 6 views

CVE-2025-50926

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function...

AI score 8.5 | EPSS 0.0024
Exploits: 2 | References: 2
Positive Technologies
added 2025/08/19 12:0 a.m. | 6 views

PT-2025-33859 · Itsourcecode · Sports Club Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Sports Management System version 1.0. The issue is located in an unknown function within the /Admin/sports.php file. Manipulation of t...

CVSS 9.8 | AI score 8.6 | EPSS 0.00387
Exploits: 1 | References: 8
RedhatCVE
added 2025/08/17 11:11 p.m. | 6 views

CVE-2025-52618

HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries...

CVSS 4.3 | AI score 8.1 | EPSS 0.00303
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/17 1:12 p.m. | 8 views

CVE-2025-9053

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00415
Exploits: 1 | References: 1
RedhatCVE
added 2025/08/17 12:27 p.m. | 10 views

CVE-2025-54474

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...

CVSS 8.5 | AI score 8.3 | EPSS 0.00298
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/17 10:25 a.m. | 11 views

CVE-2025-9027

A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument deName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 9.8 | AI score 7.8 | EPSS 0.00505
Exploits: 1 | References: 1
RedhatCVE
added 2025/08/17 1:32 a.m. | 11 views

CVE-2025-8993

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expensereport.php. The manipulation of the argument fromdate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits: 1 | References: 1
RedhatCVE
added 2025/08/16 11:25 a.m. | 3 views

CVE-2025-52823

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through = 1.16.8...

CVSS 8.5 | AI score 5.9 | EPSS 0.00243
Exploits: 0 | References: 1
NVD
added 2025/08/15 11:15 p.m. | 7 views

CVE-2025-52618

HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries...

CVSS 9.8 | EPSS 0.00303
Exploits: 0 | References: 1
Cvelist
added 2025/08/15 10:49 p.m. | 8 views

CVE-2025-52618 HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability

HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries...

CVSS 4.3 | EPSS 0.00303
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/15 10:32 p.m. | 8 views

CVE-2025-8928

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack...

CVSS 8.8 | AI score 7.7 | EPSS 0.00352
Exploits: 1 | References: 1
CVE
added 2025/08/15 3:13 p.m. | 14 views

CVE-2025-49897

CVE-2025-49897 affects the WordPress plugin Vertical scroll slideshow gallery v2 (versions

CVSS 8.8 | AI score 5.6 | EPSS 0.00389
Exploits: 0 | References: 1