EUVD-2026-35387

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

IBM Cloud Pak for Data System SQL注入漏洞

IBM Cloud Pak for Data System is an enterprise data and AI integration platform provided by IBM. Version 11.3.0.2 of IBM Cloud Pak for Data System, as well as the Interim Fix 002, contain a SQL injection vulnerability. This vulnerability allows for SQL injection attacks, potentially enabling remo...

PT-2026-43282

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak for Data System - Cyclops versions 11.3.0.2 through Interim Fix 002 Description SQL injection allows a remote attacker to send specially crafted SQL statements to the system. This could enable the attacker to view, add, modify, o...

CVE-2026-44863

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44860

CVE-2026-44860 describes SQL injection vulnerabilities in multiple service components exposed via the AOS-8 and AOS-10 CLI and management protocol. An authenticated attacker with administrative privileges can inject crafted input into parameters passed to backend queries, which could allow execut...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

CVE-2025-70420

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...

EUVD-2025-209547

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...

CVE-2025-70420

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2025-70420

Based on connected sources, CVE-2025-70420 concerns Genesys Latitude v25.1.0.420 where an authenticated attacker can execute arbitrary SQL queries due to unsanitized user input concatenated into SQL statements. The affected component is Genesys Latitude, version 25.1.0.420; root cause is input un...

CVE-2025-70420

...

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

PT-2026-29496

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

IBM Storage Protect Server SQL注入漏洞

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

PT-2026-28247

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

EUVD-2026-13119

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

EUVD-2026-13120

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...