39 matches found

Positive Technologies
added 2026/06/11 12:0 a.m. · 11 views

PT-2026-48728

Name of the Vulnerable Software and Affected Versions SolidInvoice versions prior to 2.3.17 Description API tokens used to authenticate REST API requests are stored as plaintext strings within the api tokens database table. An attacker with read access to the database, obtained via methods such a...

8.1 CVSS · 5.5 AI score · 0.00197 EPSS
Exploits 0 · References 6

NVD
added 2026/03/27 5:16 p.m. · 2 views

CVE-2026-33867

WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to th...

9.1 CVSS · 0.00152 EPSS
Exploits 1 · References 2

CVE
added 2026/03/27 4:30 p.m. · 9 views

CVE-2026-33867

Summary of the CVE and details from connected sources: The vulnerability CVE-2026-33867 affects WWBN AVideo (and Red Hat, NVD, OSV, etc. references) in versions up to and including 26.0, where video passwords are stored in plaintext in the database without hashing or encryption. If an attacker c...

9.1 CVSS · 5.9 AI score · 0.00152 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2026/03/09 11:16 a.m. · 3 views

CVE-2025-69219

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 3

ATTACKERKB
added 2026/03/09 10:19 a.m. · 6 views

CVE-2025-69219

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low...

8.8 CVSS · 5.9 AI score · 0.00695 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2026/03/06 4:27 a.m. · 4 views

CVE-2026-28785 Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import

Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the...

9.3 CVSS · 6 AI score · 0.00367 EPSS
Exploits 0 · References 4

EUVD
added 2026/03/06 4:7 a.m. · 3 views

EUVD-2026-9978

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew MySQL, PostgreSQL. This allows...

9.3 CVSS · 6 AI score · 0.00513 EPSS
Exploits 1 · References 2

CNNVD
added 2026/02/10 12:0 a.m. · 4 views

Flowring Docpedia SQL Injection Vulnerability

Flowring Docpedia is a document management system developed by Flowring Corporation in China. Flowring Docpedia has a SQL injection vulnerability. This vulnerability arises from unvalidated remote attacks, allowing attackers to inject arbitrary SQL commands, potentially leading to the reading of...

8.7 CVSS · 6 AI score · 0.00462 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/28 12:31 a.m. · 5 views

EUVD-2025-36360

Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to...

6.9 CVSS · 6.4 AI score · 0.00207 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2012-3408

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.02409 EPSS
Exploits 0 · References 14

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-9537

Malware in sbrugna...

3.3 CVSS · 4.2 AI score · 0.00324 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 20 views

EUVD-2018-7589

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.01082 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-36875

Malicious code in bioql PyPI...

8.8 CVSS · 8.5 AI score · 0.00513 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/05/22 12:0 a.m. · 3 views

PT-2025-22516 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03 NEXUS Series versions through 3.08.03 MATRIX Series versions through 3.08.03 Description: SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if...

7.5 CVSS · 6.9 AI score · 0.00317 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/04/11 12:0 a.m. · 3 views

PT-2025-16049 · Unknown · N-Media Bulk Product Sync

Name of the Vulnerable Software and Affected Versions: N-Media Bulk Product Sync versions n/a through 8.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...

9.3 CVSS · 9.4 AI score · 0.00531 EPSS
Exploits 0 · References 7

OSV
added 2025/02/18 1:15 a.m. · 3 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

9.8 CVSS · 5.8 AI score · 0.00439 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/28 12:0 a.m. · 3 views

PT-2025-1305 · Avi · Avi Load Balancer

Name of the Vulnerable Software and Affected Versions: Avi Load Balancer versions 30.1.1 through 30.2.2 Description: The Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability. A malicious user with network access may be able to use specially crafted SQL queries to gain...

8.6 CVSS · 10 AI score · 0.0063 EPSS
Exploits 0 · References 37

OSV
added 2024/09/11 2:15 p.m. · 3 views

CVE-2024-27112

An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...

9.8 CVSS · 5.7 AI score · 0.00409 EPSS
Exploits 0 · References 1

CNVD
added 2024/05/28 12:0 a.m. · 7 views

Online Student Enrollment System SQL Injection Vulnerability (CNVD-2024-26368)

Online Student Enrollment System is an online student enrollment system by Lyndon Bermoy, an individual developer. Online Student Enrollment System version 1.0 suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-e...

8.8 CVSS · 7.4 AI score · 0.00614 EPSS
Exploits 1 · References 1

BDU FSTEC
added 2023/10/19 12:0 a.m. · 2 views

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the lack of protection for operational data. This allows a hacker to gain access to the database by reading and writing data in the snmpmon.ini file.

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the database by reading and writing data ...

10 CVSS · 7.8 AI score · 0.16652 EPSS
Exploits 1 · References 3 · Affected Software 1