1985 matches found
TencentOS Server 3: postgresql:10 (TSSA-2023:0199)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0199 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-42983
SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any...
WordPress File Provider plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress File Provider plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker...
CVE-2025-42983 Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis
SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any...
CVE-2025-42983
Affected product: SAP Business Warehouse and SAP Plug-In Basis. Vulnerability: missing authorization checks allow an authenticated attacker to drop arbitrary SAP database tables and delete entries, potentially causing data loss and system unavailability; no data reading is possible. Root cause: l...
PT-2025-24519 · Unknown · Alex Zaytseff Multi Cryptocurrency Payments
Name of the Vulnerable Software and Affected Versions: Alex Zaytseff Multi CryptoCurrency Payments versions n/a through 2.0.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injectio...
CVE-2025-5563
The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-4964 WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter
The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
PT-2025-24250 · Gamipress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 7.4.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
IBM DB2 DoS (7235069) (Windows)
According to its self-reported version number, IBM Db2 is affected by a remote code execution vulnerability, as a database administrator of one database may execute code or read/write files from another database within the same instance. Note that Nessus has not tested for this issue but has instea...
Unsecured Database Exposes Data of 3.6 Million Passion.io Creators
A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs...
[SECURITY] [DLA 4208-1] mariadb-10.5 security update
From: Otto Kekäläinen [email protected] To: [email protected] Subject: SECURITY DLA 4208-1 mariadb-10.5 security update - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4208-1 [email protected]...
CVE-2025-48757
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a...
CVE-2025-48757
CVE-2025-48757 concerns Lovable where an insufficient database Row-Level Security (RLS) policy up to 2025-04-15 could allow remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. Several sources (NVD, Red Hat, CVE.org, CNNVD, PT-Security) confirm the is...
PT-2025-23072 · Unknown · Likes/Dislikes Plugin
Name of the Vulnerable Software and Affected Versions: Likes and Dislikes Plugin versions up to, and including, 1.0.0 Description: The issue is related to SQL Injection via the post parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...
CVE-2025-47575
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0...
CVE-2025-24353
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...