204 matches found
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2009-4802
SQL injection vulnerability in the Flat Manager flatmgr extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2024-34936
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...
CVE-2025-63948
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...
CVE-2025-46268
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...
Arbitrary SQL Execution
Neuron is vulnerable to arbitrary SQL execution. The vulnerability is due to the MySQLWriteTool executing caller‑provided SQL using PDO::prepare and execute without semantic restrictions, where an attacker can inject destructive statements such as DROP TABLE, TRUNCATE, DELETE, or ALTER via...
Neuron 访问控制错误漏洞
Neuron is an Industrial Internet of Things IIoT connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron 2.8.11 and earlier versions, which stems from a lack of semantic...
CVE-2025-60798
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
CVE-2025-63718
The CVE-2025-63718 entry describes a SQL injection in SourceCodester PQMS 1.0 at api_patient_schedule.php, where the appointmentID parameter is not properly sanitized, enabling arbitrary SQL commands. This is evidenced across multiple connected sources (e.g., Red Hat, EUVD, NVD/CVE records, CNVD,...
E-Commerce Website product_add_qty.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...
EUVD-2005-2691
Malware in sbrugna...
EUVD-2003-1206
Malware in sbrugna...
EUVD-2004-1834
Malware in sbrugna...
EUVD-2024-16762
Malicious code in bioql PyPI...
EUVD-2024-52675
Malicious code in bioql PyPI...
EUVD-2021-27771
Malicious code in bioql PyPI...
EUVD-2024-31511
Malicious code in bioql PyPI...
EUVD-2022-24847
Malicious code in bioql PyPI...
EUVD-2025-7076
Malicious code in bioql PyPI...