PT-2025-31153 · Unknown +1 · Revelacode +1
Name of the Vulnerable Software and Affected Versions: RevelaCode versions prior to 1.0.1 Description: RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. A valid MongoDB Atlas URI with embedded username and password...
PT-2025-30947 · WordPress · Geodirectory – Wp Business Directory Plugin +1
Name of the Vulnerable Software and Affected Versions: GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress versions prior to 2.8.98 Description: The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is...
CVE-2025-52373
Use of a hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows an attacker to decrypt passwords used in database connections from the hMailServer.ini config file...
CVE-2025-41458
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem...
CVE-2025-49656
Users with administrator access can create database files outside the files area of the Fuseki server. This issue affects Apache Jena versions up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...
CVE-2025-7343 Digiwin|SFT - SQL Injection
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-7918
WinMatrix3 Web package from Simopro Technology is affected by a SQL Injection vulnerability. The root cause is lack of input validation that allows unauthenticated attackers to inject SQL to read, modify, and delete database content. Affected component: WinMatrix3 Web package; impact includes hig...
CVE-2025-7638
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-54061
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendidofamiliares parameter of the /html/funcionario/dependenteeditarDoc.php endpoint. This vulnerability allo...
CVE-2025-54062
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the /html/funcionario/profile_dependente.php endpoint, specifically in the id_dependente parameter. This vulnerability...
PT-2025-29991 · WordPress · Forminator Forms
Name of the Vulnerable Software and Affected Versions: Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions prior to 1.45.1 Description: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is susceptible to...
CVE-2025-54060
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendidofamiliares parameter of the /html/funcionario/dependenteeditarInfoPessoal.php endpoint. This...
CVE-2025-54062
Summary: CVE-2025-54062 affects WeGIA, an open source web manager. A SQL Injection flaw exists in versions prior to 3.4.6 in the /html/funcionario/profile_dependente.php endpoint, specifically in the id_dependente parameter. Root cause is lack of input validation for externally supplied SQL state...
CVE-2025-54062 WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the /html/funcionario/profile_dependente.php endpoint, specifically in the id_dependente parameter. This vulnerability...
CVE-2025-53937 WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the /controle/control.php endpoint, specifically in the cargo parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to...
CVE-2025-53937
WeGIA is affected by a SQL Injection in the /controle/control.php endpoint, specifically the cargo parameter, in versions prior to 3.4.5. The vulnerability allows execution of arbitrary SQL commands, compromising database confidentiality, integrity, and availability. Version 3.4.5 includes a fix....
CVE-2025-50097
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
PT-2025-29321 · WordPress · Modern Events Calendar Lite
Name of the Vulnerable Software and Affected Versions: Modern Events Calendar Lite plugin for WordPress versions prior to 6.4.0 Description: The Modern Events Calendar Lite plugin for WordPress is susceptible to SQL Injection via the id parameter of the /wp ajax mec load single page API endpoint...