46 matches found
CVE-2026-4317
CVE-2026-4317 describes an SQL injection in the Umami Software web application where an improperly sanitized timezone parameter is interpolated directly into SQL queries (potentially via prisma.rawQuery/prisma.$queryRawUnsafe or raw queries with ClickHouse). This authenticated-access vulnerabilit...
PT-2026-27185
Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: AVideo is an open source video platform. The objects/pluginRunDatabaseScript.json.php API endpoint accepts a name parameter via POST and passes it to the Plugin::getDatabaseFileName function...
GHSA-J7WH-X834-P3R7 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
Summary: SiYuan Note v3.6.0 and likely prior versions contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlying SQLite database...
CVE-2025-26385
The Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server (ADS) installed...
Johnson Controls Metasys’ various products have security vulnerabilities
Johnson Controls Metasys is a building automation platform developed by Johnson Controls, a company based in the United States. Several products of Johnson Controls Metasys have security vulnerabilities, which stem from improper handling of special elements in commands, potentially leading to...
CVE-2022-37787
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...
Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution
Vulnerability description not provided...
CVE-2025-13506
Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...
EUVD-2019-16073
Malware in sbrugna...
EUVD-2021-24041
Malware in sbrugna...
EUVD-2022-51298
Malicious code in bioql PyPI...
EUVD-2022-51300
Malicious code in bioql PyPI...
EUVD-2025-11446
Malicious code in bioql PyPI...
EUVD-2022-51285
Malicious code in bioql PyPI...
EUVD-2022-51291
Malicious code in bioql PyPI...
EUVD-2025-11385
Malicious code in bioql PyPI...
EUVD-2022-51292
Malicious code in bioql PyPI...
CVE-2025-52914
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...
CVE-2025-32832
CVE-2025-32832 affects Siemens TeleControl Server Basic (versions
PHPGurukul Restaurant Table Booking System Security Vulnerability
Restaurant Table Booking System is a restaurant table reservation system. It contains a SQL injection vulnerability that stems from improper handling of the username parameter in the /admin/checkavailability.php file. An...