5734 matches found

CNNVD
added 2025/08/12 12:0 a.m. · 3 views

Siemens SmartClient modules Opcenter QL Home security vulnerability

Siemens SmartClient modules Opcenter QL Home is a client module from Siemens Germany. A security vulnerability exists in Siemens SmartClient modules Opcenter QL Home, which originates from the display of SQL statements in error messages and could lead to information disclosure...

CVSS 5.1 · AI score 6.8 · EPSS 0.00177
Exploits 0 · References 1

CNNVD
added 2025/08/12 12:0 a.m. · 4 views

Ivanti Avalanche SQL injection vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti for managing mobile devices such as smartphones and tablets. Ivanti Avalanche suffers from a SQL injection vulnerability that originates when the program does not properly validate user-entered SQL statements, which can...

CVSS 7.2 · AI score 8.8 · EPSS 0.01021
Exploits 0 · References 1

Positive Technologies
added 2025/08/11 12:0 a.m. · 4 views

PT-2025-32592 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev91
Description: pyLoad, a free and open-source Download Manager written in pure Python, contains a SQL Injection issue in the add links parameter of the /json/add package API endpoint. This allows attackers...

CVSS 8.8 · AI score 8.3 · EPSS 0.00303
Exploits 0 · References 11

OSV
added 2025/08/10 1:15 p.m. · 4 views

CVE-2025-8809

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 9.8 · AI score 5.8 · EPSS 0.00379
Exploits 1 · References 5

RedhatCVE
added 2025/08/10 12:15 a.m. · 7 views

CVE-2025-50468

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

CVSS 6.5 · AI score 6.9 · EPSS 0.00278
Exploits 1 · References 1

RedhatCVE
added 2025/08/10 12:15 a.m. · 9 views

CVE-2025-50465

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...

CVSS 8.8 · AI score 6.9 · EPSS 0.00296
Exploits 0 · References 1

Tenable Nessus
added 2025/08/10 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-24368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Some of the data stored in automationtreerules.php is not thoroughly checked and is used to...

CVSS 7.5 · AI score 8.2 · EPSS 0.00492
Exploits 1 · References 2

RedhatCVE
added 2025/08/09 12:23 a.m. · 9 views

CVE-2025-54788

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...

CVSS 8.8 · AI score 7.6 · EPSS 0.00379
Exploits 0 · References 1

RedhatCVE
added 2025/08/09 12:23 a.m. · 7 views

CVE-2023-41530

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the appcontact parameter in appsearch.php...

CVSS 9.8 · AI score 8 · EPSS 0.00328
Exploits 0 · References 1

CNNVD
added 2025/08/09 12:0 a.m. · 4 views

CesiumLab Web injection vulnerability

CesiumLab Web is a geographic information base data processing platform from China Earth Visualization Laboratory CesiumLab Inc. An injection vulnerability exists in CesiumLab Web 4.0 and earlier versions, which stems from a misuse of a parameter ID resulting in SQL injection...

CVSS 7.5 · AI score 7.8 · EPSS 0.00292
Exploits 0 · References 4

OSV
added 2025/08/08 12:15 a.m. · 3 views

CVE-2025-8702

A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to...

CVSS 8.8 · AI score 5.7 · EPSS 0.00306
Exploits 1 · References 4

CNNVD
added 2025/08/08 12:0 a.m. · 3 views

Wanzhou WOES Intelligent Optimization Energy Saving System injection vulnerability

Wanzhou WOES Intelligent Optimization Energy Saving System is an Intelligent Optimization Energy Saving System from the Chinese company Wanzhou. An injection vulnerability exists in version 1.0 of the Wanzhou WOES Intelligent Optimization Energy Saving System, which is caused by incorrect operati...

CVSS 8.8 · AI score 7.1 · EPSS 0.00306
Exploits 1 · References 6

Cvelist
added 2025/08/08 12:0 a.m. · 12 views

CVE-2025-52914

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...

EPSS 0.00571
Exploits 1 · References 2

CNNVD
added 2025/08/08 12:0 a.m. · 12 views

OpenMetadata security vulnerability

OpenMetadata is an open-source unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.4 and earlier versions, which stems from an unvalidated...

CVSS 8.8 · AI score 7.5 · EPSS 0.00296
Exploits 0 · References 4

CNNVD
added 2025/08/08 12:0 a.m. · 4 views

Easy Hosting Control Panel EHCP security vulnerability

Easy Hosting Control Panel EHCP is a hosting control panel from Easy Hosting Control Panel, Inc. A security vulnerability exists in Easy Hosting Control Panel EHCP version v20.04.1.b. The vulnerability stems from an unfiltered id parameter in the Change Settings feature, which could lead to a SQL...

CVSS 4.8 · AI score 7.5 · EPSS 0.00221
Exploits 2 · References 3

Vulnrichment
added 2025/08/08 12:0 a.m. · 19 views

CVE-2025-50465

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...

CVSS 7.1 · AI score 6.8 · EPSS 0.00296
Exploits 0 · References 3

BDU FSTEC
added 2025/08/08 12:0 a.m. · 4 views

A vulnerability in the FortiWeb web application firewall, related to the lack of protective measures for SQL query structures, allows attackers to disclose protected information.

The vulnerability in the FortiWeb web application firewall is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

CVSS 4 · AI score 5.5 · EPSS 0.00392
Exploits 0 · References 3 · Affected Software 1

CVE
added 2025/08/08 12:0 a.m. · 41 views

CVE-2025-52914

CVE-2025-52914 affects Mitel MiCollab, specifically the Suite Applications Services component, with a SQL injection flaw caused by insufficient input validation. Affected software: MiCollab 10.0 through SP1 FP1 (10.0.1.101). The CVE describes that an authenticated attacker could run arbitrary SQL...

CVSS 8.8 · AI score 8.2 · EPSS 0.00571
Exploits 1 · References 2 · Affected Software 1

Gitee
added 2025/08/07 9:7 p.m. · 112 views

Network security

This repository appears to be a Burp Suite extension for fast JSON scanning, version 2.2.2, built for JDK 1.8. The extension is designed to scan JSON data in Burp's proxy history and...

AI score 7
Exploits 0

BDU FSTEC
added 2025/08/05 12:0 a.m. · 5 views

The vulnerability of the WeGIA web manager’s script /html/saude/profile_paciente.php, which allows a hacker to disclose confidential information

The vulnerability of the WeGIA web manager’s script /html/saude/profile_paciente.php is related to the failure to protect the SQL query structure when processing the parameter idfuncionario. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose confidential informati...

CVSS 9.9 · AI score 5.6 · EPSS 0.00371
Exploits 1 · References 4 · Affected Software 1