Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...

CVE-2026-4004

CVE-2026-4004 affects the WordPress Task Manager plugin up to version 3.0.2. The vulnerability stems from missing capability checks in the callback_search() function and insufficient input validation that lets shortcode syntax (square brackets) pass through sanitize_text_field() and be concatenat...

EUVD-2026-5723

A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been...

PT-2026-6911

Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in the processing of the /admin/message/search.php file within the software. Manipulating the term argument can result in SQL injection. This issue can be exploite...

GHSA-4HC4-8599-XH2H OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

PT-2026-6773

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager contains a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application does not properly sanitize the term parameter before usin...

CVE-2025-12750

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-12750

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-12750

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-12750 Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-12750

CVE-2025-12750 affects Groundhogg plugin for WordPress (

Advantech iView SQL Injection Vulnerability (CNVD-2025-31063)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...

EUVD-2018-7026

Malware in sbrugna...

EUVD-2002-1682

Malware in sbrugna...

EUVD-2006-1806

Malware in sbrugna...

EUVD-2018-20722

Malware in sbrugna...

EUVD-2018-7031

Malware in sbrugna...

CVE-2022-40119

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/transactions.php...

CVE-2022-40120

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/customertransactions.php...

Q4 Investor Relations Platform 安全漏洞

Q4 Investor Relations Platform is an investor relations platform from Q4 Canada. A security vulnerability exists in Q4 Investor Relations Platform version v5.147.1.2, which stems from an unfiltered input to the SearchTerm parameter in the search function, and could lead to a cross-site scripting...