CVE-2025-9943
CVE-2025-9943 describes an SQL injection in the Shibboleth Service Provider (SP) when the replay cache uses an SQL store via the ODBC plugin. The root cause is insufficient escaping of single quotes in the class SQLString (odbc-store.cpp, lines 253–271), allowing a blind SQL injection by an unaut...
PT-2025-36976
Name of the Vulnerable Software and Affected Versions: OPEXUS FOIAXpress Public Access Link PAL versions prior to 11.13.1.0 Description: A SQL injection flaw exists in OPEXUS FOIAXpress Public Access Link PAL via the SearchPopularDocs.aspx page. A remote, unauthenticated attacker could potentiall...
CVE-2025-41032
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...
CVE-2025-41033
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
CVE-2025-0280
A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access...
CVE-2025-41034 SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...
CVE-2025-41032
The CVE-2025-41032 entry concerns appRain CMF 4.0.5 with an SQL injection vulnerability in the parameter data[Admin][username] of the /apprain/admin/manage/add/ endpoint. It is reported to allow an attacker to retrieve, create, update, and delete data in the back-end database. The vulnerability is desc...
CVE-2025-41032 SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...
appRain CMF SQL Injection Vulnerability
appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-dynamic-pages/create. An attacker could use this...
CVE-2025-0280
CVE-2025-0280 affects HCL Compass. Multiple sources describe a vulnerability that could allow an attacker to gain unauthorized access to the database. The NVD entry lists CVSS 3.1 vectors: Local attack, high impact on confidentiality/integrity/availability, high attack complexity, low privileges ...
CVE-2025-0280 HCL Compass is affected by a security vulnerability
A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access...
HCL Compass Security Vulnerability
HCL Compass is a low-code change management software from HCL India. It manages the full range of testing activities and integrates with developer tools. HCL Compass suffers from a security vulnerability that could lead to unauthorized access to the database by an attacker...
PT-2025-35783
Name of the Vulnerable Software and Affected Versions: HCL Compass affected versions not specified Description: A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access. Recommendations: At the moment, there is no information about a newer version that...
Apartment Management System bill_setup.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtBillType in the file /setting/billsetup.php. An attacker can exploi...
Simple Grading System edit_student.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /editstudent.php. An attacker can exploit this vulnerability to execute...
CVE-2025-9600
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/membertypesetup.php. The manipulation of the argument txtMemberType leads to sql injection. The attack may be initiated remotely. T...
PT-2025-35323
Name of the Vulnerable Software and Affected Versions: Centurion ERP versions 1.12.0 through 1.20.999 Description: Centurion ERP is an ERP system focused on ITSM and automation. An authenticated user can view authentication token details, including the hashed token, within the database...