398 matches found
PT-2025-37051
Name of the Vulnerable Software and Affected Versions: HuangDou UTCMS version 9 Description: A critical issue exists in HuangDou UTCMS version 9 related to SQL injection. The vulnerability affects the RunSql function within the app/modules/ut-data/admin/mysql.php file. Manipulation of the sql...
CVE-2025-58761
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The realpmsimageproxy endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The realpmsimageproxy i...
CVE-2025-10122
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...
PT-2025-36564
Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...
maccms10 SQL注入漏洞
maccms10 is magicblack open source PHP+MYSQL environment to run a set of perfect and powerful rapid site-building system. maccms10 2025.1000.4050 version of the SQL injection vulnerabilities exist in the file application/admin/controller/Database. maccms10 2025.1000.4050 version of the SQL...
Siemens Apogee PXC and Talon TC Devices
SUMMARY Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a...
CVE-2025-51092
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...
Secure LogIn and SignUp API in PHP 安全漏洞
Secure LogIn and SignUp API in PHP is a security interface software by Vishnu Sivadas Individual Developer. A security vulnerability exists in Secure LogIn and SignUp API in PHP, which stems from an insecure SQL query construct in DataBase.php that could lead to SQL injection...
CVE-2025-51092
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...
CVE-2025-51092
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...
CVE-2025-51092
The CVE-2025-51092 entry concerns the LogIn-SignUp project by VishnuSivadasVS. The underlying issue is SQL Injection due to unsafe SQL query construction in DataBase.php: logIn() and signUp() concatenate user input and unvalidated table names instead of using prepared statements. Although a prepa...
Linux Distros Unpatched Vulnerability : CVE-2022-47927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data...
PMTicket Project-Management-Software 注入漏洞
PMTicket Project-Management-Software is an agile project management and issue tracking system from PMTicket open source. An injection vulnerability exists in pmTicket Project-Management-Software, which stems from SQL injection due to incorrect manipulation of the parameter userid of the function...
CVE-2024-45894
BlueCMS 1.6 suffers from Arbitrary File Deletion via the filename parameter in an /admin/database.php?act=del request...
CVE-2022-23651
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2011-5280
Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service crash via a long trickle-up to 1 client/cstrickle.cpp or 2 db/dbbase.cpp...
CVE-2008-5925
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...
CVE-2024-10513 Path Traversal in mintplex-labs/anything-llm
A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the...
PT-2025-12043 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.2.2 Description: A path traversal vulnerability exists in the 'document uploads manager' feature, allowing users with the 'manager' role to access and manipulate the 'anythingllm.db' database fil...
lmxcms 注入漏洞
lmxcms dream cms is a website builder from China Dream Cms lmxcms company. An injection vulnerability exists in lmxcms version 1.41, which originates from the file db.inc.php of the component Maintenance that can lead to code injection...