17 matches found
EUVD-2011-1062
Malware in sbrugna...
CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
CVE-2025-9412
A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...
CVE-2025-50465
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...
CVE-2025-50468
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...
CVE-2025-50465
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...
CVE-2025-48881
Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...
CVE-2025-48881 Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users
Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...
CVE-2025-29922
kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...
CVE-2024-57760
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java...
gymxmjpa 安全漏洞
gymxmjpa is a gym management system for liujianview individual developers. A security vulnerability exists in gymxmjpa version 1.0, which originates in the src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java file, where the subname parameter in the SubjectDaoImpl function contain...
Pimcore SQL注入漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...
CVE-2022-35603
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...
CVE-2022-35605
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc...
InventoryManagementSystem SQL注入漏洞
InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A SQL injection vulnerability exists in InventoryManagementSystem version 1.0, which...
Microsoft Internet Explorer Memory Corruption (MS15-112: CVE-2015-6071)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4137)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...