323 matches found
EUVD-2024-0707
Malicious code in bioql PyPI...
EUVD-2022-24609
Malicious code in bioql PyPI...
CVE-2025-56162
YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modify database data, including dumping admin password...
CVE-2025-59814 Unauthenticated SQL-injection in password field
This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database...
VulnCheck KEV: CVE-2022-0169
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2020-15153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaroun...
VulnCheck KEV: CVE-2025-32814
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur...
Exploit for CVE-2025-5287
Description: It is an exploit code that works for multiple...
CVE-2024-25833
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...
CVE-2023-45336
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2021-24295
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...
CVE-2025-26086
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...
VulnCheck KEV: CVE-2025-24799
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18...
CVE-2024-50706
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database...
WordPress Small Package Quotes – For Customers of FedEx plugin <= 4.3.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – For Customers of FedEx versions <= 4.3.1...
WordPress LTL Freight Quotes – TForce Edition plugin <= 3.6.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin LTL Freight Quotes – TForce Edition versions <= 3.6.4...
PT-2025-3478 · Easyvirt · Easyvirt Dcscope +1
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier; EasyVirt CO2Scope versions 1.3.0 and earlier. Description: The issue allows remote unauthenticated attackers to execute arbitrary SQL commands. This can be achieved via the username or password...
PT-2025-1305 · Avi · Avi Load Balancer
Name of the Vulnerable Software and Affected Versions: Avi Load Balancer versions 30.1.1 through 30.2.2. Description: The Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability. A malicious user with network access may be able to use specially crafted SQL queries to gain...
WordPress Super Socializer plugin <= 7.14 - Unauthenticated Limited SQL Injection via 'SuperSocializerKey' vulnerability
Unauthenticated Limited SQL Injection via 'SuperSocializerKey' vulnerability discovered by mikemyers in WordPress Plugin Super Socializer versions <= 7.14...