Lucene search

1985 matches found

Cvelist
added 2025/03/28 12:54 p.m. · 14 views

CVE-2024-7407 Weak password encoding in Streamsoft Prestiż

Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how passwords are...

CVSS 8.2 · EPSS 0.0035
Exploits: 0 · References: 2

NVD
added 2025/03/27 5:15 p.m. · 10 views

CVE-2025-30365

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL...

CVSS 9.8 · EPSS 0.00546
Exploits: 1 · References: 1

Vulnrichment
added 2025/03/27 4:28 p.m. · 6 views

CVE-2025-30365 SQL Injection in query_geracao_auto.php

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL...

CVSS 9.4 · AI score 7.7 · EPSS 0.00546
Exploits: 1 · References: 1

Cvelist
added 2025/03/27 4:28 p.m. · 14 views

CVE-2025-30365 SQL Injection in query_geracao_auto.php

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL...

CVSS 9.4 · EPSS 0.00546
Exploits: 1 · References: 1

CVE
added 2025/03/27 4:28 p.m. · 62 views

CVE-2025-30365

CVE-2025-30365 concerns WeGIA, a web manager for charitable organizations. The flaw is a SQL Injection in the endpoint "/WeGIA/html/socio/sistema/controller/query_geracao_auto.php" (parameter "query"). Affected versions are prior to 3.2.8. Successful exploitation enables arbitrary SQL execution,...

CVSS 9.8 · AI score 7.7 · EPSS 0.00546
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/03/27 12:0 a.m. · 4 views

PT-2025-13385 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8
Description: A SQL Injection issue was identified in the "/WeGIA/html/socio/sistema/controller/query_geracao_auto.php" endpoint, specifically in the query parameter. This issue allows the execution of arbitrary S...

CVSS 9.8 · AI score 7.5 · EPSS 0.00546
Exploits: 1 · References: 8

Positive Technologies
added 2025/03/27 12:0 a.m. · 2 views

PT-2025-13071 · Unknown · Eli Ez Sql Reports Shortcode Widget/Db Backup

Name of the Vulnerable Software and Affected Versions: Eli EZ SQL Reports Shortcode Widget and DB Backup versions n/a through 5.25.08
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows SQL Injection. This means an attacker could potentially force...

CVSS 8.2 · AI score 9.8 · EPSS 0.00193
Exploits: 0 · References: 5

OSV
added 2025/03/26 11:15 a.m. · 1 views

UBUNTU-CVE-2025-27552

DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...

CVSS 4 · AI score 5.8 · EPSS 0.00103
Exploits: 0 · References: 5

Openbugbounty
added 2025/03/26 4:51 a.m. · 2 views

dictionary.result.pk Cross Site Scripting vulnerability OBB-4040153

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

NVD
added 2025/03/19 12:15 p.m. · 5 views

CVE-2025-2511

The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · EPSS 0.00305
Exploits: 0 · References: 2

Cvelist
added 2025/03/19 11:10 a.m. · 12 views

CVE-2025-2511 AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter

The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 · EPSS 0.00305
Exploits: 0 · References: 2

RedhatCVE
added 2025/03/15 4:5 a.m. · 4 views

CVE-2025-2250

The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 4.9 · AI score 7.2 · EPSS 0.00367
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/07 9:46 a.m. · 4 views

CVE-2024-13809

The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 6.5 · AI score 7.5 · EPSS 0.00313
Exploits: 0 · References: 1

Cvelist
added 2025/03/07 8:21 a.m. · 30 views

CVE-2025-0959 Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 8.8 · EPSS 0.004
Exploits: 0 · References: 2

Cvelist
added 2025/03/07 8:21 a.m. · 15 views

CVE-2024-13781 Hero Maps Premium - Customizable Google Maps Plugin <= 2.3.9 - Authenticated (Subscriber+) SQL Injection

The Hero Maps Premium plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5 · EPSS 0.00316
Exploits: 0 · References: 2

CVE
added 2025/03/05 11:22 a.m. · 104 views

CVE-2025-1702

CVE-2025-1702 affects the WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin. It is a time-based SQL Injection via the search parameter in all versions up to 2.10.0 due to insufficient escaping and lack of proper query p...

CVSS 7.5 · AI score 7.8 · EPSS 0.00661
Exploits: 0 · References: 6

Tenable Nessus
added 2025/03/04 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2016-2047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and...

CVSS 5.9 · AI score 6.8 · EPSS 0.03772
Exploits: 0 · References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-0596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10...

CVSS 4 · AI score 6.9 · EPSS 0.043
Exploits: 0 · References: 3

CNVD
added 2025/03/03 12:0 a.m. · 8 views

SQL Injection Vulnerability in KDDI Smart Cloud Platform of KDDI (Beijing) Co., Ltd.

KDDI (Beijing) Co., Ltd. is a company mainly engaged in technology development, technology promotion, technology transfer, technology consulting and technical services. A SQL injection vulnerability exists in KDDI Smart Cloud Platform, which can be exploited by attackers to obtain sensitive information from the...

AI score 7.5
Exploits: 0

OSV
added 2025/02/26 7:9 p.m. · 18 views

RLSA-2025:1736 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.1 · AI score 8.3 · EPSS 0.89472
Exploits: 10 · References: 2