Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, SQL injection, and others. The vulnerabilities have been addressed. CVE-2023-52425, CVE-2024-53908, CVE-2024-53907, CVE-2023-52426, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2024-21626,...

CVE-2025-0866

The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘checkedVals’ parameter in all versions up to, and including, 1.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

Streamline Security: Automate Database Compliance with Qualys Cloud Agent

Compliance audit failures remain a critical challenge for organizations, particularly in database security. According to the 2024 Thales Data Threat Report, nearly 43% of companies failed at least one compliance audit in the past year. This is a significant concern because audit failures correlat...

CVE-2024-52902 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system...

CVE-2024-13491

The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-13534

CVE-2024-13534 affects the WordPress plugin “Small Package Quotes – Worldwide Express Edition.” The issue is an unauthenticated SQL Injection via the edit_id and dropship_edit_id parameters in all versions up to and including 5.2.18, stemming from insufficient escaping and inadequate preparation ...

CVE-2024-13489

The CVE-2024-13489 entry concerns the WordPress plugin LTL Freight Quotes – Old Dominion Edition. Affected: all versions up to 4.2.10. Vulnerability: SQL Injection via parameters edit_id and dropship_edit_id due to insufficient escaping and lack of prepared statements in the existing SQL query. I...

CVE-2024-13676

CVE-2024-13676 affects the WordPress plugin Categorized Gallery Plugin (

CVE-2024-13712 Pollin <= 1.01.1 - Authenticated (Admin+) SQL Injection

The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2025-25222

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

CVE-2022-41892

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in...

CVE-2022-24798

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

CVE-2022-48592

A SQL injection vulnerability exists in the vendorcountry parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...

CVE-2022-48590

A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2019-9918

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database...

CVE-2020-5248

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce...

CVE-2024-52335

A vulnerability has been identified in syngo.plaza VB30E All versions VB30EHF05. The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL...

CVE-2024-52360

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2024-7385

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...