1985 matches found
CVE-2019-15085
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form...
CVE-2019-10855
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...
CVE-2013-0148
The Data Camouflage aka FairCom Standard Encryption algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certai...
CVE-2019-10682
django-nopassword before 5.0.0 stores cleartext secrets in the database...
PT-2025-22542 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if...
CampCodes Sales and Inventory System /pages/supplier_add.php File SQL Injection Vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. The CampCodes Sales and Inventory System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter Name in the file /pages/supplier_add.php for externally entered SQL...
CVE-2025-3751 TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability
The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information...
PT-2025-22399
Name of the Vulnerable Software and Affected Versions: itech iLabClient version 3.7.1 Description: The issue allows local attackers to read cleartext credentials for servers configured in the client from the local iLabClient database, specifically from the CONFIGS table. Recommendations: For itech...
SQL Injection Vulnerability in UFIDA U8Cloud of UFIDA Network Technology Co.
UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. A SQL injection vulnerability exists in UFIDA U8Cloud, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
PHPGurukul Daily Expense Tracker System Security Vulnerability
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. The Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the email parameter of the file /forgot-password.php. An...
PT-2025-21695 · Wpgym · Wpgym
Name of the Vulnerable Software and Affected Versions: WPGYM versions prior to 65.0 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, which allows Blind SQL Injection. This is due to the improper handling of...
OpenText Advance Authentication SQL Injection Vulnerability
OpenText Advance Authentication is an enterprise-grade multi-factor authentication (MFA) and identity management platform from OpenText Canada that supports a zero-trust architecture. An SQL injection vulnerability exists in OpenText Advance Authentication versions prior to 6.5, which stems from...
BIT-PGPOOL-2025-22248
The PgPool II component in a Bitnami Pgpool II container image comes configured by default with a 'repmgr' user that allows unauthenticated access to the database inside the cluster. This can be addressed by mounting and overwriting the Pgpool configuration file directly. If PgPool is exposed...
PT-2025-20844 · Siemens · Polarion
Name of the Vulnerable Software and Affected Versions: Polarion V2310, all versions; Polarion V2404, versions prior to V2404.4. Description: The application insufficiently validates user input for database read queries, which could allow an authenticated remote attacker to conduct an SQL injection...
PT-2025-20879 · Unknown · Domainspro
Name of the Vulnerable Software and Affected Versions: DomainsPRO version 1.2 Description: The issue is an SQL injection vulnerability that could allow an attacker to retrieve, create, update, and delete databases. This is achieved via the d parameter in the "/article.php" endpoint...
PT-2025-20841 · Bitnami +2 · Bitnami/Postgres-Ha +3
Name of the Vulnerable Software and Affected Versions: bitnami/pgpool, affected versions not specified; bitnami/postgres-ha, affected versions not specified. Description: The bitnami/pgpool Docker image and the bitnami/postgres-ha k8s chart, under default configurations, come with a repmgr user that...
CVE-2025-1993
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected...
CVE-2025-1993 IBM App Connect Enterprise Certified Container information disclosure
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected...