
361 matches found

NVD
added 2025/03/21 2:15 a.m. · 9 views

CVE-2025-2585

EBM Maintenance Center from EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8 · EPSS 0.00394
Exploits: 0 · References: 2

CNNVD
added 2025/03/21 12:00 a.m. · 1 view

EBM Technologies EBM Maintenance Center SQL Injection Vulnerability

EBM Technologies EBM Maintenance Center is a maintenance center platform from China-based EBM Technologies. A SQL injection vulnerability exists in EBM Technologies EBM Maintenance Center versions prior to 25.04.31435, which stems from an SQL injection that could lead to a remote...

CVSS 8.8 · AI score 7.8 · EPSS 0.00394
Exploits: 0 · References: 2

OSV
added 2025/03/13 12:00 a.m. · 9 views

ALSA-2025:2722 Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

CVSS 7.1 · AI score 7.5 · EPSS 0.00606
Exploits: 0 · References: 4

RedhatCVE
added 2025/02/06 2:15 a.m. · 7 views

CVE-2025-0586

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution...

CVSS 7.2 · AI score 7.5 · EPSS 0.00713
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 11:07 p.m. · 9 views

CVE-2022-1367

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 10 · AI score 7.8 · EPSS 0.21115
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 11:03 p.m. · 8 views

CVE-2022-1372

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 10 · AI score 7.8 · EPSS 0.01083
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 11:00 p.m. · 11 views

CVE-2022-1378

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAEpgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 10 · AI score 7.8 · EPSS 0.19619
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 7:52 a.m. · 5 views

CVE-2024-41802

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to t...

CVSS 8.1 · AI score 7.7 · EPSS 0.00457
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 3:07 a.m. · 3 views

CVE-2024-6795

In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in...

CVSS 10 · AI score 10 · EPSS 0.00598
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:53 a.m. · 7 views

CVE-2024-6796

In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...

CVSS 9.1 · AI score 9.4 · EPSS 0.00406
Exploits: 0 · References: 1

Tenable Nessus
added 2025/01/30 12:00 a.m. · 8 views

Ubiquiti Networks UniFi Improper Access Control (CVE-2016-7792)

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 8.8 · AI score 7.5 · EPSS 0.03007
Exploits: 3 · References: 3

OSV
added 2025/01/20 3:15 a.m. · 1 view

CVE-2025-0586

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution...

CVSS 7.2 · AI score 6 · EPSS 0.00713
Exploits: 0 · References: 2

NVD
added 2025/01/20 3:15 a.m. · 5 views

CVE-2025-0586

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution...

CVSS 7.2 · EPSS 0.00713
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/20 2:28 a.m. · 5 views

CVE-2025-0586 aEnrich Technology a+HRD - Insecure Deserialization

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution...

CVSS 7.2 · AI score 7.4 · EPSS 0.00713
Exploits: 0 · References: 2

CVE
added 2025/01/20 2:28 a.m. · 52 views

CVE-2025-0586

CVE-2025-0586 concerns the a+HRD from aEnrich Technology with an Insecure Deserialization vulnerability that enables remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. The connected documents repeatedly state this insecure des...

CVSS 7.2 · AI score 7.4 · EPSS 0.00713
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/01/20 12:00 a.m. · 4 views

PT-2025-3977 · Aenrich Technology · A+Hrd

Name of the Vulnerable Software and Affected Versions: a+HRD from aEnrich Technology (affected versions not specified). Description: The issue is related to an Insecure Deserialization vulnerability. This vulnerability allows remote attackers with database modification privileges and regular system...

CVSS 7.2 · AI score 7.7 · EPSS 0.00713
Exploits: 0 · References: 8

Cvelist
added 2025/01/04 2:27 p.m. · 15 views

CVE-2024-41767 IBM Engineering Lifecycle Optimization - Publishing SQL injection

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 7.3 · EPSS 0.00303
Exploits: 0 · References: 1

CNVD
added 2024/12/30 12:00 a.m. · 1 view

Small CRM /admin/edit-user.php File SQL Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from an SQL injection vulnerability in the id parameter of the /admin/edit-user.php file. An attacker can exploit this vulnerability to obtain sensitive information or...

CVSS 9.8 · AI score 7.7 · EPSS 0.0047
Exploits: 1 · References: 1

CNNVD
added 2024/12/29 12:00 a.m. · 4 views

PHPGurukul Small CRM Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from an SQL injection vulnerability in the id parameter of the /admin/quote-details.php file. An attacker can exploit this vulnerability to obtain sensitive information o...

CVSS 9.8 · AI score 7.6 · EPSS 0.0047
Exploits: 1 · References: 4

Positive Technologies
added 2024/12/17 12:00 a.m. · 2 views

PT-2024-38941 · WordPress · S2Member

Name of the Vulnerable Software and Affected Versions: s2Member plugin for WordPress versions up to, and including, 241114. Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including user data and database configuration...

CVSS 8.8 · AI score 9.3 · EPSS 0.00575
Exploits: 0 · References: 10