CVE-2019-25542 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

CVE-2019-25538

202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...

CVE-2019-25528 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL...

CVE-2019-25528

CVE-2019-25528 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the property1 parameter, exploitable via POST to /search/searchdetailed by unauthenticated attackers to read/alter data. Some sources note presence of PoCs/exploits. Public remediation/fixed det...

CVE-2019-25527 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via searchdetailed

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

CVE-2019-25526

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

PT-2026-24986

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

PT-2026-25077

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise databas...

PT-2026-24972

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...

EUVD-2026-11351

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

Lenovo ThinkPad 安全漏洞

Lenovo ThinkPad is a portable computer by Lenovo Corporation. The Lenovo ThinkPad has a security vulnerability, which stems from improper initialization issues in the BIOS of certain ThinkPads. This vulnerability may allow local privileged users to modify data and execute arbitrary code...

PT-2026-24830

CVE-2026-0940 A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitra… https://t.co/vBlwyEDw2P...

CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site...

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

EUVD-2026-10090

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

WordPress plugin MDJM Event Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-23811

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom fields controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custo...