CVE-2018-25410
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...
Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak
Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files...
ICZ MATCHA INVOICE SQL Injection Vulnerability
ICZ MATCHA INVOICE is an invoice management system developed by the Japanese company ICZ. Versions of ICZ MATCHA INVOICE 2.6.6 and earlier contained a SQL injection vulnerability. This vulnerability made the system susceptible to SQL injection attacks, potentially leading to the extraction or...
CVE-2026-33485 AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP on_publish callback at plugin/Live/on_publish.php is accessible without authentication. The $_POST['name'] parameter (stream key) is interpolated directly into SQL queries in two locations —...
Database of 323,986 BreachForums Users Leaked as Admin Disputes Scope
Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025...
CVE-2025-66434
An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (body_text) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a custom...
EUVD-2020-17821
Malware in sbrugna...
EUVD-2021-0023
Malware in sbrugna...
EUVD-2024-43552
Malicious code in bioql PyPI...
EUVD-2022-51511
Malicious code in bioql PyPI...
EUVD-2023-32296
Malicious code in bioql PyPI...
EUVD-2024-37830
Malicious code in bioql PyPI...
EUVD-2022-51525
Malicious code in bioql PyPI...
EUVD-2022-51517
Malicious code in bioql PyPI...
EUVD-2023-44299
Malicious code in bioql PyPI...
CVE-2023-37270
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...
CVE-2022-4159
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4154
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive...
Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords
Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected...
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
The trove has now been taken down but included users’ logins for platforms including Apple, Google, and Meta, plus services from multiple governments...