EUVD-2026-31313
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...
PT-2026-31600
Name of the Vulnerable Software and Affected Versions Hydrosystem Control System versions prior to 9.8.5 Description The Hydrosystem Control System does not properly enforce authorization for certain directories. This allows an unauthorized attacker to read all files within these directories and...
CVE-2026-35168
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...
GHSA-MPP2-X7WV-38HV NocoDB has Plaintext Storage of Shared View Passwords
Summary Shared view passwords were stored in plaintext in the database and compared using direct string equality. Details The password column in ncviews stored unhashed passwords. Verification used !== comparison across public-datas.service.ts, public-metas.service.ts, and...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path (pa) and referrer (r) values to the public...
EUVD-2005-2786
Malware in sbrugna...
EUVD-2020-2830
Malware in sbrugna...
EUVD-2007-2971
Malware in sbrugna...
EUVD-2018-20921
Malware in sbrugna...
EUVD-2025-27179
Malicious code in bioql PyPI...
EUVD-2025-28612
Malicious code in bioql PyPI...
EUVD-2025-10111
Malicious code in bioql PyPI...
WordPress Quiz Maker plugin SQL Injection Vulnerability
WordPress Quiz Maker plugin is a WordPress plugin for creating online quizzes, exams and questionnaires with multiple question types and customization support. WordPress Quiz Maker plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally...
OPEXUS FOIAXpress Public Access Link (PAL) SQL injection
1. RISK EVALUATION Successful exploitation could allow a remote, unauthenticated attacker to read, write, or delete any content in the underlying database. 2. RECOMMENDED PRACTICES Upgrade to FOIAXpress PAL version 11.13.1.0. 3. DESCRIPTION OPEXUS FOIAXpress Public Access Link (PAL) before version...
BIT-LIBPHP-2023-0567 password_verify() always returns true for some invalid hashes
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application accepting any password for this entry as valid...
CVE-2025-53639 Metersphere has SQL Injection Vulnerability in Sorting Field
MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. Th...
PT-2025-19919 · TCMAN · TCMAN's GIM
Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: This issue allows an unauthenticated attacker to inject an SQL statement, enabling them to obtain, update, and delete all information in the database. The vulnerability is specifically found in the Sender a...
ZTE GoldenDB Input Validation Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An input validation vulnerability exists in ZTE GoldenDB, which can be...
Symfonia Ready SQL Injection Vulnerability
Symfonia Ready is an operating system from Symfonia that builds programs for companies to use off-the-shelf modules and business applications. Symfonia Ready has an SQL injection vulnerability that stems from improper input cleanup in the Invoices module file search function, which could lead to ...
CVE-2024-8183
A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and...