64 matches found
CVE-2026-34186 SQL Injection in Custom Fields leads to Database Compromise
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain security vulnerabilities. These vulnerabilities stem from the fact that video passwords are stored in the database as plain text, which may lead to the...
WeGIA Security Vulnerability
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.5 contained security vulnerabilities. These vulnerabilities stemmed from SQL injections in the html/matPat/restaurarProduto.php endpoint, which could lead to a complete database breac...
CVE-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
EUVD-2007-0100
Malware in sbrugna...
EUVD-2021-9316
Malicious code in bioql PyPI...
CVE-2025-52043
In Frappe ERPNext v15.57.5, the function importcoa at erpnext/accounts/doctype/chartofaccountsimporter/chartofaccountsimporter.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...
ShinyHunters Target Chanel in Salesforce Linked Data Breach
ShinyHunters breached Chanel’s US client database via Salesforce-linked access, exposing limited customer details through social engineering tactics...
GHSA-H8H6-7752-G28C Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
CVE-2024-37906
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the...
GitLab 11.6.0 < 13.5.6 / 13.6.0 < 13.6.4 / 13.7.0 < 13.7.2 (CVE-2021-22170)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content (CVE-2021-22170). Note that Nessus has not tested for this issue but...
Complete Online Beauty Parlor Management System /admin-profile.php File SQL Injection Vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the adminname parameter of...
BIT-GITLAB-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
Exploit for SQL Injection in Rems School_Task_Manager
CVE-2024-24142: School-Task-Manager-System-SQL-Inject...
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...
InfraGard infiltrated by cybercriminal
InfraGard, a partnership between the FBI and members of the private sector that was established to protect critical infrastructure in the US, has been infiltrated by a cybercriminal. As a result, its database of contact information is now for sale on an English-language cybercrime forum. InfraGar...
Gun Database Breach Leaks Details on Thousands of Owners
Plus: Indian hacker-for-hire groups, Chinese student espionage efforts, and more...
VoIPmonitor SQL Injection Vulnerability
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. With a commercial front-end for SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux, VoIPmonitor version 24.61 is vulnerable to a SQL injection vulnerability caused by missing filter escaping for SQL...
Heroku Forces User Password Resets Following GitHub OAuth Token Theft
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an updated notification, revealed that a compromised token was abused to breach the database and...
CVE-2021-45411
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution...