CVE-2026-56272 Flowise - Insufficient Password Salt Rounds in Bcrypt Hashing
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...
EUVD-2026-38748
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...
CVE-2026-46622
SolidInvoice before v2.3.17 stores API tokens in plaintext in the api_tokens database table. If an attacker gains read access to the database (e.g., via SQL injection, leaked backups, misconfigured replicas, or insider access), they can immediately obtain all API credentials for every user with n...
CVE-2026-46622 SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...
CVE-2026-34186 SQL Injection in Custom Fields leads to Database Compromise
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain security vulnerabilities. These vulnerabilities stem from the fact that video passwords are stored in the database as plain text, which may lead to the...
WeGIA Security Vulnerability
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.5 contained security vulnerabilities. These vulnerabilities stemmed from SQL injections in the html/matPat/restaurarProduto.php endpoint, which could lead to a complete database breac...
CVE-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
EUVD-2007-0100
Malware in sbrugna...
EUVD-2021-9316
Malicious code in bioql PyPI...
CVE-2025-52043
In Frappe ERPNext v15.57.5, the function importcoa at erpnext/accounts/doctype/chartofaccountsimporter/chartofaccountsimporter.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...
ShinyHunters Target Chanel in Salesforce Linked Data Breach
ShinyHunters breached Chanel’s US client database via Salesforce-linked access, exposing limited customer details through social engineering tactics...
GHSA-H8H6-7752-G28C Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
CVE-2024-37906
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the...
GitLab 11.6.0 < 13.5.6 / 13.6.0 < 13.6.4 / 13.7.0 < 13.7.2 (CVE-2021-22170)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content (CVE-2021-22170). Note that Nessus has not tested for this issue but...
Complete Online Beauty Parlor Management System /admin-profile.php File SQL Injection Vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the adminname parameter of...
BIT-GITLAB-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
Exploit for SQL Injection in Rems School_Task_Manager
CVE-2024-24142: School-Task-Manager-System-SQL-Inject...
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...
InfraGard infiltrated by cybercriminal
InfraGard, a partnership between the FBI and members of the private sector that was established to protect critical infrastructure in the US, has been infiltrated by a cybercriminal. As a result, its database of contact information is now for sale on an English-language cybercrime forum. InfraGar...