CVE-2025-10738

CVE-2025-10738 concerns the WordPress URL Shortener Plugin for WordPress. The initial description notes an Unauthenticated SQL Injection via the parameter ‘analytic_id’ in all versions up to and including 3.0.7, due to insufficient escaping and preparation of the SQL query. Connected documents (W...

PT-2025-50761

Name of the Vulnerable Software and Affected Versions xbtitFM version 4.1.18 Description The software contains an unauthenticated SQL injection issue. Remote attackers can manipulate database queries by injecting malicious SQL code through the msgid parameter. Crafted requests sent to the...

Linux Distros Unpatched Vulnerability : CVE-2025-12819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authenticati...

CVE-2025-12061

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...

CVE-2025-12061 Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...

CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...

EUVD-2025-37502

An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the Group parameter in the /uapi-cgi/viewer/Param.cgi script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19...

Exploit for Improper Validation of Certificate with Host Mismatch in Fortinet Fortiproxy

watchTowr-vs-FortiWeb-CVE-2025-25257 Detection Artifact Gener...

CVE-2025-9322

CVE-2025-9322 : WordPress plugin Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions (up to and including 8.3.1) is vulnerable to unauthenticated SQL Injection via the wpfs-form-name parameter. The issue arises from insufficient escaping of the user-suppli...

📄 Log2Space Subscriber Management Software 1.1 SQL Injection

Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil [email protected] Rohan Patil [email protected] CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...

EUVD-2020-5746

Malware in sbrugna...

EUVD-2020-2834

Malware in sbrugna...

EUVD-2023-53564

Malicious code in bioql PyPI...

EUVD-2023-49641

Malicious code in bioql PyPI...

EUVD-2023-53583

Malicious code in bioql PyPI...

EUVD-2023-55595

Malicious code in bioql PyPI...

EUVD-2023-54340

Malicious code in bioql PyPI...

EUVD-2023-50960

Malicious code in bioql PyPI...

EUVD-2023-50868

Malicious code in bioql PyPI...

EUVD-2023-52752

Malicious code in bioql PyPI...