
3898 matches found

NVD
added 2025/03/04 4:15 a.m. · 7 views

CVE-2025-1321

The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 8.8 · EPSS 0.00447
Exploits 0 · References 2
Cvelist
added 2025/03/04 12:0 a.m. · 14 views

CVE-2024-50706

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database...

EPSS 0.00481
Exploits 0 · References 2
RedhatCVE
added 2025/03/02 8:30 a.m. · 8 views

CVE-2025-1572

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the ‘uid’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 8.8 · AI score 7.2 · EPSS 0.00474
Exploits 0 · References 1
Positive Technologies
added 2025/03/01 12:0 a.m. · 4 views

PT-2025-9149 · Woocommerce · Multilevel Referral Affiliate Plugin For Woocommerce

Name of the Vulnerable Software and Affected Versions: Multilevel Referral Affiliate Plugin for WooCommerce versions up to 2.27 Description: The issue allows authenticated attackers with Subscriber-level access and above to inject SQL queries, potentially extracting sensitive information from the...

CVSS 6.5 · AI score 9.2 · EPSS 0.00369
Exploits 0 · References 7
CVE
added 2025/02/27 12:3 p.m. · 62 views

CVE-2025-1751

CVE-2025-1751 affects Ciges 2.15.5 (ATISoluciones). The vulnerability is a SQL Injection in the /modules/ajaxBloqueaCita.php endpoint via the $idServicio parameter, enabling an attacker to retrieve, create, update, and delete database data. CVSSv3.1 base score 9.8 (N: network vector, low complexi...

CVSS 9.8 · AI score 8 · EPSS 0.00452
Exploits 0 · References 1
Tenable Nessus
added 2025/02/24 12:0 a.m. · 9 views

ClickHouse < 1.1.54131

The version of ClickHouse installed on the remote host is prior to 1.1.54131. It is, therefore, affected by an access control vulnerability. An incorrect configuration in the deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. Note that Nessus has not tested for...

CVSS 9.8 · AI score 8.4 · EPSS 0.01793
Exploits 0 · References 2
RedhatCVE
added 2025/02/20 10:24 p.m. · 9 views

CVE-2025-26616

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, exportar_dump.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored...

CVSS 10 · AI score 6.5 · EPSS 0.00626
Exploits 1 · References 1
RedhatCVE
added 2025/02/20 12:20 a.m. · 6 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

CVSS 9.8 · AI score 7.5 · EPSS 0.00439
Exploits 0 · References 1
OSV
added 2025/02/19 12:15 p.m. · 5 views

CVE-2024-13533

The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVSS 7.5 · AI score 5.8 · EPSS 0.00481
Exploits 0 · References 3
NVD
added 2025/02/18 9:15 p.m. · 5 views

CVE-2025-26615

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, examples.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in...

CVSS 10 · EPSS 0.00706
Exploits 1 · References 1
CVE
added 2025/02/18 8:32 p.m. · 67 views

CVE-2025-26615

CVE-2025-26615 affects WeGIA prior to 3.2.14, via a path traversal in the examples.php endpoint parameter 'src' that could disclose contents of config.php, potentially exposing database access details. The issue has been addressed in version 3.2.14; upgrade to mitigate. No public workarounds are ...

CVSS 10 · AI score 6.5 · EPSS 0.00706
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2025/02/18 8:30 p.m. · 11 views

CVE-2025-26616 Path Traversal endpoint 'exportar_dump.php' parameter 'file' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, exportar_dump.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored...

CVSS 10 · AI score 6.2 · EPSS 0.00626
Exploits 1 · References 1
CVE
added 2025/02/18 8:30 p.m. · 65 views

CVE-2025-26616

WeGIA (open source Web Manager) contains a Path Traversal vulnerability in the exportar_dump.php endpoint that could disclose sensitive data in config.php, potentially enabling direct database access. Affected versions are prior to 3.2.14. The issue has been addressed in version 3.2.14, and users...

CVSS 10 · AI score 6.5 · EPSS 0.00626
Exploits 1 · References 1 · Affected Software 1
OSV
added 2025/02/18 1:15 a.m. · 3 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

CVSS 9.8 · AI score 5.8 · EPSS 0.00439
Exploits 0 · References 3
CNNVD
added 2025/02/17 12:0 a.m. · 4 views

Learning Digital Orca HCM SQL Injection Vulnerability

Learning Digital Orca HCM is a digital learning platform from China-based Learning Digital. Learning Digital Orca HCM suffers from a SQL injection vulnerability that stems from improper handling of SQL queries. An attacker can inject arbitrary SQL commands to read, modify, or delete database...

CVSS 8.8 · AI score 8.1 · EPSS 0.00466
Exploits 0 · References 2
CNVD
added 2025/02/17 12:0 a.m. · 2 views

Pimcore Customer Data Framework SQL Injection Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An SQL injection vulnerability exists in Pimcor...

CVSS 7.2 · AI score 5.1 · EPSS 0.00824
Exploits 2 · References 1
RedhatCVE
added 2025/02/16 3:23 p.m. · 12 views

CVE-2024-52895

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00376
Exploits 0 · References 1
Cvelist
added 2025/02/14 2:36 p.m. · 13 views

CVE-2024-52895 IBM i denial of service

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the...

CVSS 6.5 · EPSS 0.00376
Exploits 0 · References 1
Vulnrichment
added 2025/02/14 2:36 p.m. · 9 views

CVE-2024-52895 IBM i denial of service

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 1
CVE
added 2025/02/14 2:36 p.m. · 61 views

CVE-2024-52895

CVE-2024-52895 affects IBM i 7.4, 7.5 (and 7.6 per IBM bulletin). The issue is a vulnerability where a bypass of a database capabilities restriction check allows a privileged attacker to remove or alter database infrastructure files, leading to a denial of service and possible incorrect behavior ...

CVSS 6.5 · AI score 6.4 · EPSS 0.00376
Exploits 0 · References 1 · Affected Software 1