3898 matches found

RedhatCVE
added 2025/04/25 4:16 p.m. · 5 views

CVE-2025-31351

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVSS 8.8 · AI score 7.8 · EPSS 0.00648
Exploits 0 · References 1
CNVD
added 2025/04/25 12:00 a.m. · 7 views

FoxCMS Field.php File SQL Injection Vulnerability

FoxCMS is a free, commercial, open source content management system from China's Qianxu (FoxCMS). FoxCMS 1.25 and earlier versions contain a SQL injection vulnerability that stems from the $param title parameter in /admin/util/Field.php not validating external input used in SQL statements. An attacker...

CVSS 7.2 · AI score 7.9 · EPSS 0.00317
Exploits 0 · References 1
Cvelist
added 2025/04/23 3:33 p.m. · 25 views

CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...

CVSS 9.3 · EPSS 0.79487
Exploits 1 · References 3
Cvelist
added 2025/04/23 3:27 p.m. · 28 views

CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...

CVSS 8.6 · EPSS 0.00449
Exploits 1 · References 2
Github Security Blog
added 2025/04/23 2:41 p.m. · 22 views

org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API

Impact: It is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend. Depending on the used database backend, the attacker may be able to not only obtain confidential information...

CVSS 8.8 · AI score 8.1 · EPSS 0.00449
Exploits 1 · References 4 · Affected Software 1
NVD
added 2025/04/21 10:15 a.m. · 23 views

CVE-2025-3838

An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...

CVSS 6.1 · EPSS 0.00109
Exploits 0 · References 1
CNNVD
added 2025/04/21 12:00 a.m. · 2 views

Saviynt EOL OVA (Saviynt End of Life OVA) Security Vulnerability

Saviynt EOL OVA (Saviynt End of Life OVA) is a lifecycle component from Saviynt. A security vulnerability exists in Saviynt EOL OVA that stems from improper authorization and could result in unauthorized access to a local database...

CVSS 6.1 · AI score 6.1 · EPSS 0.00109
Exploits 0 · References 1
Packet Storm
added 2025/04/21 12:00 a.m. · 382 views

Joomla 3.7.1 SQL Injection

Joomla version 3.7.1 proof of concept remote SQL injection exploit. Exploit Title: Joomla 3.7.1 - Sql Injection Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...

CVSS 9.8 · AI score 10 · EPSS 0.99826
Exploits 21
IBM Security Bulletins
added 2025/04/17 5:30 p.m. · 19 views

Security Bulletin: IBM i is vulnerable to a database access denial of service caused by a database capabilities bypass restriction check [CVE-2024-52895].

Summary: IBM i is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...

CVSS 6.5 · AI score 6.5 · EPSS 0.00376
Exploits 0 · Affected Software 4
NVD
added 2025/04/17 7:15 a.m. · 24 views

CVE-2025-3113

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance's internal database configurations can leverage the application's built-in Connector functionality to access Continuous Compliance's internal database. This allows the user to explore the internal...

CVSS 9 · EPSS 0.0027
Exploits 0 · References 1
NCSC
added 2025/04/17 7:14 a.m. · 8 views

Vulnerabilities fixed in Siemens TeleControl Server

Siemens has fixed vulnerabilities in TeleControl Server Basic. The vulnerabilities are in how the TeleControl Server Basic allows SQL injection through various methods, such as 'CreateTrace', 'VerifyUser', 'Authenticate', and many others. These vulnerabilities allow unauthenticated and...

CVSS 9.8 · AI score 8.2 · EPSS 0.00807
Exploits 0 · References 1
Vulnrichment
added 2025/04/17 6:41 a.m. · 6 views

CVE-2025-3113 Improper Access Control in Delphix Masking Engine

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance's internal database configurations can leverage the application's built-in Connector functionality to access Continuous Compliance's internal database. This allows the user to explore the internal...

CVSS 9 · AI score 6.7 · EPSS 0.0027
Exploits 0 · References 1
CVE
added 2025/04/17 6:41 a.m. · 61 views

CVE-2025-3113

CVE-2025-3113 affects Delphix Masking Engine via the built-in Connector feature that exposes Continuous Compliance's internal database. The root cause is insufficient access control, enabling a valid, authenticated user with privileges to explore the internal database schema and export data, incl...

CVSS 9 · AI score 6.4 · EPSS 0.0027
Exploits 0 · References 1
Cvelist
added 2025/04/17 6:41 a.m. · 28 views

CVE-2025-3113 Improper Access Control in Delphix Masking Engine

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance's internal database configurations can leverage the application's built-in Connector functionality to access Continuous Compliance's internal database. This allows the user to explore the internal...

CVSS 9 · EPSS 0.0027
Exploits 0 · References 1
Positive Technologies
added 2025/04/17 12:00 a.m. · 8 views

PT-2025-16941

Name of the Vulnerable Software and Affected Versions: Continuous Compliance, affected versions not specified. Description: A valid, authenticated user with sufficient privileges can leverage the application's built-in Connector functionality to access Continuous Compliance's internal database,...

CVSS 9 · AI score 6.3 · EPSS 0.0027
Exploits 0 · References 10
Positive Technologies
added 2025/04/17 12:00 a.m. · 3 views

PT-2025-17144

Name of the Vulnerable Software and Affected Versions: JoomSky JS Job Manager versions n/a through 2.0.2. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 9.8 · AI score 7.4 · EPSS 0.00409
Exploits 0 · References 4
Positive Technologies
added 2025/04/17 12:00 a.m. · 2 views

PT-2025-17190 · Unknown · Stylemix Cost Calculator Builder

Name of the Vulnerable Software and Affected Versions: Stylemix Cost Calculator Builder versions 3.2.65 and earlier. Description: The issue is related to an SQL Injection vulnerability, which allows attackers to inject malicious SQL commands. This is due to the improper neutralization of special...

CVSS 9.3 · AI score 9.4 · EPSS 0.00301
Exploits 0 · References 4
Positive Technologies
added 2025/04/17 12:00 a.m. · 3 views

PT-2025-17189 · Metagauss · Metagauss Profilegrid

Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions n/a through 5.9.4.8. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to execute malicious SQL...

CVSS 8.5 · AI score 9.2 · EPSS 0.00275
Exploits 0 · References 4
OSV
added 2025/04/16 6:16 p.m. · 3 views

CVE-2025-32872

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVSS 8.7 · AI score 5.8 · EPSS 0.00525
Exploits 0 · References 1
NVD
added 2025/04/16 6:16 p.m. · 17 views

CVE-2025-32871

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVSS 8.8 · EPSS 0.00525
Exploits 0 · References 1