PT-2026-25723

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

GO-2025-4136 authentik's invitation expiry is delayed by at least 5 minutes in goauthentik.io

authentik's invitation expiry is delayed by at least 5 minutes in goauthentik.io. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

Design and Detection of Covert Man-In-The-Middle Cyberattacks on Water Treatment Plants

Cyberattacks targeting critical infrastructures, such as water treatment facilities, represent significant threats to public health, safety, and the environment. This paper introduces a systematic approach for modeling and assessing covert man-in-the-middle MitM attacks that leverage system...

CVE-2025-57515

A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses...

EUVD-2018-20757

Malware in sbrugna...

CVE-2025-57515

The CVE-2025-57515 entry concerns Uniclare Student Portal v2, where a SQL injection flaw exists in input fields. The vulnerability enables attackers to inject arbitrary SQL commands and, per sources, can leverage time-delay functions to infer database responses. Documented affected component is t...

CVE-2025-57515

A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses...

CVE-2025-57515

A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses...

📄 Feng Office 3.5.1.5 SQL Injection

Feng Office version 3.5.1.5 suffers from a remote SQL injection vulnerability. Titles: fengoffice3.5.1.5 - SQLi Author: nu11secur1ty Date: 05/11/2025 Vendor: https://www.fengoffice.com/ Software: https://trials.fengoffice.com/register?edition=starter Reference:...

OpenSSL 安全漏洞

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

increaseTotalVotingPower() can be front-ran by an attacker with a call to rageQuit() in order to withdraw more assets than the attacker should be able to claim.

Lines of code Vulnerability details Overview of the vulnerability / PoC The function increaseTotalVotingPower in PartyGovernanceNFT does not have a front-running protection against rageQuit allowing a user to walk away with more assets than he should. An example of the attack 1. A party member...

CVE-2023-40182

CVE-2023-40182 describes a timing-based information disclosure in the Recovery form of Silverware Games, where response time differed depending on whether the provided email exists in the database. The issue affects versions prior to 1.3.7 and is fixed by upgrading to 1.3.7. Connected sources (Re...

Unbounded Chainlink oracle time delay vulnerability

Lines of code Vulnerability details Summary The contract OndoPriceOracleV2 allows for the owner to set an association between an fToken and a Chainlink oracle for price retrieval. The contract also allows the owner to set a maxmum amount of time delay that it will tolerate from all Chainlink...

Single-step process for critical ownership transfer/renounce is risky

Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...

[NAZ-M2] Missing Time locks

Lines of code Vulnerability details Impact When critical parameters of systems need to be changed, it is required to broadcast the change via event emission and recommended to enforce the changes after a time-delay. This is to allow system users to be aware of such critical changes and give them ...

Medical Store Management System 1.0 SQL Injection Vulnerability

Title: Medical Store Management System v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://github.com/abhisheks008 Software: https://github.com/abhisheks008/Medical-Store-Management-System CVE-Medical Store Management System v1.0 Description: The cid parameter fom customer-add.php app...

IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated)

Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-07 Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows...

IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated) Vulnerability

Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows 10, XAMPP...

Mail.ru: OS command injection on seedr.ru

site: https://seedr.ru The seedid parameter be vulnerable to OS command injection attacks. It is possible to use various shell metacharacters to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time...

Single-step process for critical admin transfer is risky

Handle 0xRajeev Vulnerability details Impact LongShort and Staker contracts have the notion of an “admin” address that is used within onlyAdmin or adminOnly modifiers for granting authorization to critical functions. Such contracts use a single-step ownership transfer of such admin addresses usin...