38300 matches found
SQL-injection-explained
SQL-injection-explained Today's topic: SQL Injections Here is y...
CVE-2023-38265
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...
Doruk Wispotter security vulnerability
Doruk Wispotter is a WiFi hotspot management and marketing system developed by the Turkish company Doruk. Versions of Wispotter from 1.0 up to v2025.10.08.1 contained security vulnerabilities. These vulnerabilities were due to improper restrictions on authentication attempts and inadequate...
Delinea Cloud Suite security vulnerability
Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Delinea Cloud Suite has a security vulnerability that stems from inconsistent interpretation of HTTP requests, which may lead to HTTP request payload attacks...
lily buffer error vulnerability
Lily is a programming language developed by individual developer FascinatedBox. Versions of Lily prior to 2.3 contained a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in the counttransforms function located in the src/lilyemitter.c file, which could lead to...
SQUIRREL security vulnerability
SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier have security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the SQObjectPtr::operator function in the sqobject.h library,...
CVE-2025-27899
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...
CVE-2026-2247
CVE-2026-2247 describes an SQL injection in Clickedu SaaS during report generation via the mobile app’s Day-to-day section. The vulnerability arises when a previously authenticated remote attacker uses a malicious payload in the URL generated after downloading a student’s report card, with the PD...
CVE-2026-2247 SQL Injection in Clickedu's SaaS platform
SQL injection vulnerability (SQLi) in Clickedu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...
LibrarySystem access control error vulnerability
LibrarySystem is a book management system developed by individual developer Walton. Versions of LibrarySystem prior to 1.1.1 contained an access control vulnerability. This vulnerability stemmed from improper access control in the BookController.java file, which could lead to remote attacks...
JeecgBoot code issue vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains a code vulnerability. This vulnerability stems from a deserialization issue in the importDocumentFromZip function of the component in the file...
cskefu (春松客服) cross-site scripting vulnerability
cskefu (Chunsong Customer Service) is an open-source, free intelligent customer service system developed by Chatopera in China. Versions of cskefu prior to 8.0.1 contained a cross-site scripting vulnerability. This vulnerability originated from a cross-site scripting issue in the Upload function of...
Intellicise Wireless Networks Meet Agentic AI: A Security and Privacy Perspective
Intellicise (Intelligent and Concise) wireless network is the main direction of the evolution of future mobile communication systems, a perspective now widely acknowledged across academia and industry. As a key technology within it, Agentic AI has garnered growing attention due to its advanced...
Notepad2 code issue vulnerability
Notepad2 is a text editor developed by Florian Balmer. Versions 4.2.22, 4.2.23, 4.2.24, and 4.2.25 of Notepad2 have code vulnerabilities. These vulnerabilities stem from an uncontrolled search path in the Msimg32.dll library, which could lead to local attacks...
Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks
As the capabilities of large language models continue to advance, so does their potential for misuse. While closed-source models typically rely on external defenses, open-weight models must primarily depend on internal safeguards to mitigate harmful behavior. Prior red-teaming research has largel...
Total VPN code issue vulnerability
Total VPN is a virtual private network service software provided by the American company Total VPN. Version 0.5.29.0 of Total VPN has a code vulnerability. This vulnerability stems from an issue with search paths in the file C:\Program Files\Total VPN\win-service.exe that are not enclosed in quotati...
CVE-2026-2540
The CVE-2026-2540 entry describes a flaw in the Micca KE700 system where flawed resynchronization logic allows replay of previously captured codes in a specific sequence. This enables the system to accept stale rolling codes, potentially executing a command and cloning the alarm key, which could ...
Micca KE700 security vulnerability
The Micca KE700 is a source bookshelf speaker from the Micca company. The Micca KE700 has a security vulnerability, which stems from a flaw in the logic for resynchronization. This vulnerability could lead to replay attacks, allowing attackers to clone alarm keys and gain unauthorized access to...
PT-2026-8235
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...
Unidocs ezPDF DRM Reader and Unidocs ezPDF Reader code issue vulnerability
Unidocs ezPDF DRM Reader and Unidocs ezPDF Reader are PDF readers developed by Unidocs, a company from South Korea. There are code vulnerabilities in Unidocs ezPDF DRM Reader and Unidocs ezPDF Reader 2.0, as well as Unidocs ezPDF Reader 3.0.0.4. These vulnerabilities stem from uncontrolled search...