Lucene search

112 matches found

Vulnrichment
added 2026/06/09 11:46 p.m. | 7 views

CVE-2026-40993 Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

CVSS 7.3 | AI score 5.5 | EPSS 0.00198
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:24 p.m. | 8 views

CVE-2026-8692

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

CVSS 4.3 | AI score 5.4 | EPSS 0.00225
Exploits: 0 | References: 1

EUVD
added 2026/06/02 12:31 a.m. | 9 views

EUVD-2018-21949

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVSS 8.8 | AI score 6.2 | EPSS 0.00341
Exploits: 0 | References: 5

NVD
added 2026/05/30 4:17 p.m. | 23 views

CVE-2018-25425

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

CVSS 8.8 | EPSS 0.0027
Exploits: 0 | References: 4

CNNVD
added 2026/05/07 12:0 a.m. | 8 views

CI4MS Input Validation Error Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. In versions 0.31.1.0 to 0.31.8.0 of CI4MS, there was a vulnerability related to input validation errors. This vulnerability stemmed from the deleteProcess operation not verifying whether the table name in the POST parameter...

CVSS 6.9 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 1

CVE
added 2026/04/22 7:45 a.m. | 11 views

CVE-2026-4119

CVE-2026-4119 affects the WordPress plugin Create DB Tables (versions up to and including 1.2.1). The vulnerability arises from missing capability checks and nonce verification in admin_post hooks for creating and deleting tables, allowing any authenticated user (including Subscribers) to execute...

CVSS 9.1 | AI score 5.8 | EPSS 0.00729
Exploits: 0 | References: 13

ATTACKERKB
added 2026/03/24 4:27 a.m. | 1 views

CVE-2026-3138

The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via wpajaxnopriv...

CVSS 6.5 | AI score 5.8 | EPSS 0.00273
Exploits: 0 | References: 8

NVD
added 2026/03/22 2:16 p.m. | 4 views

CVE-2019-25594

ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigge...

CVSS 6.9 | EPSS 0.00133
Exploits: 0 | References: 4

Cvelist
added 2026/03/22 1:38 p.m. | 28 views

CVE-2019-25594 ASPRunner.NET 10.1 Denial of Service via Table Name Field

ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigge...

CVSS 6.9 | EPSS 0.00133
Exploits: 0 | References: 4

NVD
added 2026/02/11 9:16 p.m. | 9 views

CVE-2020-37186

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

CVSS 9.8 | EPSS 0.00969
Exploits: 0 | References: 4

CVE
added 2026/02/11 8:37 p.m. | 9 views

CVE-2020-37186

CVE-2020-37186 affects Chevereto 3.13.4 Core. The vulnerability arises in the database configuration installation where the database table prefix parameter can be manipulated to write a PHP shell file and execute arbitrary system commands via a crafted POST request. Impact is high: remote code ex...

CVSS 9.8 | AI score 6.8 | EPSS 0.00969
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/11 7:30 a.m. | 2 views

CVE-2026-24326

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table. This results in low impact on integrity, with no impact on...

CVSS 4.3 | AI score 5.5 | EPSS 0.00198
Exploits: 0 | References: 1

Packet Storm
added 2026/01/19 12:0 a.m. | 155 views

Abacre Retail Point of Sale 14.0.0.396 SQL Injection

Abacre Retail Point of Sale version 14.0.0.396 suffers from a remote blind SQL injection vulnerability. CVE-2025-67261 - Content-based blind SQL injection on Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The...

CVSS 6.5 | AI score 5.8 | EPSS 0.00183
Exploits: 2

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

TYPO3 CMS Security Vulnerability

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS that stems from the utilization of the defVals parameter that can bypass field-level access checks and may result in the insertion of arbitrary data into exclusion fields prohibited by a...

CVSS 6.5 | AI score 5.9 | EPSS 0.00287
Exploits: 0 | References: 4

Cvelist
added 2025/12/09 2:15 a.m. | 28 views

CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

CVSS 5.5 | EPSS 0.00259
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-1918

Malware in sbrugna...

CVSS 6 | AI score 6.4 | EPSS 0.01485
Exploits: 1 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-7531

Malware in sbrugna...

CVSS 8.1 | AI score 8.4 | EPSS 0.01512
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-9457

Malware in sbrugna...

CVSS 6.5 | AI score 5.8 | EPSS 0.02326
Exploits: 0 | References: 7

NVD
added 2025/06/10 1:15 a.m. | 6 views

CVE-2025-42983

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any...

CVSS 8.5 | EPSS 0.00265
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 3:35 p.m. | 5 views

CVE-2020-36668

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backupguardgetmanualmodal function called via an AJAX action. This makes it possible for...

CVSS 4.3 | AI score 6.2 | EPSS 0.00639
Exploits: 0 | References: 1