61 matches found

RedhatCVE
added 2 days ago, 4 views

CVE-2026-39383

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. Th...

7.2 CVSS, 5.7 AI score, 0.00073 EPSS
Exploits: 1, References: 1
CVE
added 2026/05/27 9:49 a.m., 10 views

CVE-2026-42727

CVE-2026-42727 affects the WordPress plugin Profit-Products-Tables-for-WooCommerce (Active Products Tables for WooCommerce) ≤ 1.0.8. The root cause is improper neutralization of special elements used in SQL commands, enabling Blind SQL Injection. The impact is described as Blind SQL Injection; no...

9.3 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/14 4:36 p.m., 11 views

CVE-2026-44515

CVE-2026-44515: Nextcloud News is vulnerable to blind SSRF in versions prior to 28.3.0-beta.1. An authenticated user can add feeds by URL, including internal/private IPs or localhost, causing the server to perform server-side HTTP requests to attacker-controlled destinations without relaying res...

2.3 CVSS, 5.8 AI score, 0.00043 EPSS
Exploits: 0, References: 1
NVD
added 2026/05/12 11:16 a.m., 8 views

CVE-2026-45211

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection. This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5 CVSS, 0.00033 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/08 10:21 p.m., 9 views

CVE-2026-42339

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular...

8.5 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 1, References: 2, Affected Software: 1
GithubExploit
added 2026/04/28 2:25 p.m., 75 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 — Demo Methodology ⚠️ Overview This demo s...

9.8 CVSS, 9.1 AI score, 0.94462 EPSS
Exploits: 36
Cvelist
added 2026/04/01 9:21 p.m., 17 views

CVE-2026-34560 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

9.1 CVSS, 0.00022 EPSS
Exploits: 1, References: 2
Cvelist
added 2026/03/16 3:30 p.m., 23 views

CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the...

9.8 CVSS, 0.00046 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/16 3:30 p.m., 1 view

EUVD-2026-12387

NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality...

9.4 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 5, References: 15
CNNVD
added 2026/02/12 12:0 a.m., 4 views

Farktor E-Commerce Package SQL injection vulnerability

Farktor E-Commerce Package is an e-commerce platform developed by the Turkish company Farktor. The Farktor E-Commerce Package versions 27112025 and earlier have a SQL injection vulnerability. This vulnerability stems from improper neutralization of special elements, which may lead to blind SQL...

9.8 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/01/22 12:0 a.m., 2 views

WordPress plugin Traveler SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.5 CVSS, 5.9 AI score, 0.00057 EPSS
Exploits: 0, References: 1
EUVD
added 2025/12/24 12:49 p.m., 3 views

EUVD-2023-40474

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection. This issue affects WPJobBoard: from n/a through 5.9.0...

8.6 CVSS, 7.1 AI score, 0.00067 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/12/09 2:13 p.m., 19 views

CVE-2025-67516 WordPress Store Locator WordPress plugin <= 1.6.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through <= 1.6.2...

8.5 CVSS, 0.00034 EPSS
Exploits: 0, References: 1
CVE
added 2025/12/02 9:51 a.m., 6 views

CVE-2025-13872

CVE-2025-13872 affects ObjectPlanet Opinio 7.26 rev12562. The survey-import feature is vulnerable to Blind Server-Side Request Forgery (SSRF), allowing an attacker to force the server to issue HTTP GET requests to an arbitrary destination. Public details in the connected sources confirm the affec...

9.1 CVSS, 6.6 AI score, 0.00034 EPSS
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/10/23 3:30 p.m., 1 view

EUVD-2025-35676

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated...

5.3 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-51495

Malicious code in bioql PyPI...

4.5 CVSS, 4.6 AI score, 0.00142 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2025/09/29 8:41 p.m., 1 view

CVE-2025-34229

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...

6.9 CVSS, 5.7 AI score, 0.00097 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2025/09/29 12:0 a.m., 2 views

PT-2025-39892

Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102; Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413. Description: The software contains a blind server-side request forgery (SSRF) issue...

6.9 CVSS, 6.7 AI score, 0.00097 EPSS
Exploits: 1, References: 7
CNNVD
added 2025/08/14 12:0 a.m., 2 views

WordPress plugin ProfileGrid SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A SQL injection...

8.5 CVSS, 7.6 AI score, 0.00063 EPSS
Exploits: 0, References: 1
GithubExploit
added 2025/08/03 5:43 p.m., 108 views

Exploit for SQL Injection in Projectworlds Online_Admission_System

CVE-2025-8471 SQL Injection PoC Author: Byte Reaper...

9.8 CVSS, 7.9 AI score, 0.00176 EPSS
Exploits: 4