CVE-2026-8054 Unauthenticated SQL Injection in dotCMS Publish Audit API
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...
Digiwin EasyFlow .NET Security Vulnerability
Digiwin EasyFlow .NET is an enterprise-level workflow management platform developed by Digiwin in Taiwan, China. Digiwin EasyFlow .NET has a SQL injection vulnerability that could allow unauthenticated remote attackers to inject arbitrary SQL...
Flowring Agentflow Security Vulnerability
Flowring Agentflow is an intelligent process automation (RPA) platform developed by Flowring Corporation in China. Flowring Agentflow has a security vulnerability that stems from missing authentication. This vulnerability could allow unauthenticated remote attackers to read, modify, and delete...
AMSS++ SQL Injection Vulnerability
AMSS++ is a tool within the Amssplus office management support system. Version 4.31 of AMSS++ has a SQL injection vulnerability in the id parameter of the modules/mail/main/maildetail.php script, which could allow attackers to access or modify...
EUVD-2023-0917
Malicious code in bioql PyPI...
EUVD-2024-16748
Malicious code in bioql PyPI...
EUVD-2025-27200
Malicious code in bioql PyPI...
CVE-2025-40636
SQL injection vulnerability in Joomla module modvvisitcounter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cipvvisitcounter’ cookie at all endpoints where the plugin counts visits...
Gotac Statistical Database System Access Control Error Vulnerability
Gotac Statistical Database System is a statistical database system from Gotac Corporation in Taiwan, China. An access control error vulnerability exists in the Gotac Statistical Database System, which stems from a lack of authentication, and could allow an unauthenticated, remote attacker to read...
CVE-2023-48260
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...
CVE-2025-29512
Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...
CVE-2025-30352
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...
NetVision Information airPASS SQL Injection Vulnerability
NetVision Information airPASS is an application from China-based NetVision Information. NetVision Information airPASS has a SQL injection vulnerability that allows an unauthenticated, remote attacker to inject arbitrary SQL...
CVE-2024-9980
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents...
CVE-2024-9982
CVE-2024-9982 affects Esi Technology’s AIM LINE Marketing Platform. The vulnerability arises from improper validation of a specific query parameter, enabling an unauthenticated attacker to inject arbitrary FetchXml commands when the LINE Campaign Module is enabled, with read/modify/delete access ...
TEAMPLUS Team+ SQL Injection Vulnerability
TEAMPLUS Team+ is an enterprise private cloud communication and collaboration platform from China Interactive Ares TEAMPLUS. A SQL injection vulnerability exists in TEAMPLUS Team+ v13.5.x. The vulnerability stems from incorrect validation of specific page parameters, which allows an...
PT-2024-15950 · Tenable · Nessus
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. Recommendations: At the moment, there is no information...
Cross-site request forgery (CSRF)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...