Lucene search

4662 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-4785

Malicious code in bioql PyPI...

CVSS 8.5, AI score 9.1, EPSS 0.0007
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-45919

Malicious code in bioql PyPI...

CVSS 7.6, AI score 8.5, EPSS 0.00291
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-43472

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.5, EPSS 0.00516
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-49487

Malicious code in bioql PyPI...

CVSS 8.7, AI score 6.6, EPSS 0.0062
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-10596

Malicious code in bioql PyPI...

CVSS 8.2, AI score 8.7, EPSS 0.0019
Exploits 0, References 2
CVE
added 2025/10/02 7:53 p.m., 8 views

CVE-2025-61603

WeGIA (web manager for charitable institutions) versions 3.4.12 and earlier contain an SQL Injection in /controle/control.php via the descricao parameter, enabling attackers to execute arbitrary SQL commands and compromise database confidentiality, integrity, and availability. The issue is fixed ...

CVSS 9.8, AI score 7.8, EPSS 0.00039
Exploits 1, References 2, Affected Software 1
GithubExploit
added 2025/10/01 7:14 p.m., 396 views

Exploit for CVE-2025-56380

CVE-2025-56380 — Time-based Blind SQL Injection in Frappe / ER...

AI score 8.4, EPSS 0.00041
Exploits 3
RedhatCVE
added 2025/10/01 10:11 a.m., 4 views

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability...

CVSS 8.7, AI score 8, EPSS 0.00042
Exploits 0, References 1
OSV
added 2025/09/30 11:37 a.m., 1 views

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability...

CVSS 8.8, AI score 5.9, EPSS 0.00951
Exploits 0, References 1
CVE
added 2025/09/30 10:5 a.m., 13 views

CVE-2025-8122

The connected Red Hat advisory details CVE-2025-7063 as a PAD CMS vulnerability where an unauthenticated attacker can exploit client-controlled permission checks to upload arbitrary files (any type/extension) through the file upload functionality, enabling Remote Code Execution. Affected are all ...

CVSS 8.8, AI score 7.6, EPSS 0.00042
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/09/30 10:5 a.m., 3 views

CVE-2025-8121 Blind SQL Injection in PAD CMS

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability...

CVSS 8.7, EPSS 0.00042
Exploits 0, References 1
Positive Technologies
added 2025/09/30 12:0 a.m., 3 views

PT-2025-39970

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The issue involves improper neutralization of input provided by an authorized user within the article positioning functionality, leading to potential Blind SQL...

CVSS 10, AI score 7.2, EPSS 0.00951
Exploits 0, References 5
Positive Technologies
added 2025/09/30 12:0 a.m., 2 views

PT-2025-39971

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The issue involves improper neutralization of input provided by an authorized user in the article positioning functionality, leading to Blind SQL Injection...

CVSS 10, AI score 7.2, EPSS 0.00951
Exploits 0, References 5
Vulnrichment
added 2025/09/26 8:31 a.m., 1 views

CVE-2025-60108 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...

CVSS 8.5, AI score 5.6, EPSS 0.0004
Exploits 0, References 1
CVE
added 2025/09/26 8:31 a.m., 9 views

CVE-2025-60108

CVE-2025-60108 (LambertGroup - AllInOne - Banner with Thumbnails) is a SQL Injection vulnerability in the WordPress plugin, allowing improper neutralization of input elements. Affected: LambertGroup - AllInOne - Banner with Thumbnails (up through version 3.8). Impact per CVSS: high confidentialit...

CVSS 8.5, AI score 5.9, EPSS 0.0004
Exploits 0, References 1
Positive Technologies
added 2025/09/26 12:0 a.m., 2 views

PT-2025-39555

Name of the Vulnerable Software and Affected Versions: LambertGroup - AllInOne - Banner with Thumbnails versions through 3.8. Description: A flaw exists in LambertGroup - AllInOne - Banner with Thumbnails that allows for Blind SQL Injection due to improper neutralization of special elements used in ...

CVSS 8.5, AI score 7.2, EPSS 0.0004
Exploits 0, References 4
Positive Technologies
added 2025/09/18 12:0 a.m., 3 views

PT-2025-38315

Name of the Vulnerable Software and Affected Versions: Logo Software Retail Sales Management versions through 20250918; Logo Software Diva versions through 4.56.00.00. Description: A SQL injection issue exists in Logo Software Retail Sales Management and Diva due to improper neutralization of special...

CVSS 10, AI score 7.3, EPSS 0.00064
Exploits 0, References 7
SUSE CVE
added 2025/09/10 11:27 p.m., 2 views

SUSE CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVSS 7.3, AI score 7.9, EPSS 0.00257
Exploits 0, References 3
NVD
added 2025/09/10 7:15 a.m., 4 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVSS 9.1, EPSS 0.00257
Exploits 0, References 5
Cvelist
added 2025/09/08 10:35 p.m., 11 views

CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...

CVSS 9.3, EPSS 0.00086
Exploits 1, References 1