Apartment Management System add_m_committee.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements for parameter ID in file /management/addmcommittee.php. An attacker can exploit th...
PT-2025-34952
Name of the Vulnerable Software and Affected Versions: St. Joe ERP System affected versions not specified Description: A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST...
CVE-2025-29515
Incorrect access control in the DELTfile.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password...
CVE-2025-57754
eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...
CVE-2025-50860
SQL Injection in the listdomains function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter...
CVE-2025-57754 eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak)
eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...
CVE-2025-57754
CVE-2025-57754 affects eslint-ban-moment (plugin for ESLint) with versions 3.0.0 and earlier. The root cause is exposure of a sensitive Supabase URI in the .env file, which, if valid and contains embedded credentials, can grant an attacker complete unauthorized access and control over the databas...
CVE-2025-50860
SQL Injection in the listdomains function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter...
PT-2025-34243 · WordPress · Eslint-Ban-Moment
Name of the Vulnerable Software and Affected Versions: eslint-ban-moment versions 3.0.0 and earlier Description: The eslint-ban-moment plugin exposes a sensitive Supabase URI in the .env file. A valid Supabase URI containing a username and password grants an attacker complete unauthorized access...
PT-2025-34226 · Unknown · Easy Hosting Control Panel
Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel EHCP version 20.04.1.b Description: A SQL Injection issue exists in the listdomains function of Easy Hosting Control Panel EHCP. Authenticated attackers can potentially access or manipulate database contents via the...
CVE-2025-50860
SQL Injection in the listdomains function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter...
CVE-2025-50860
CVE-2025-50860 : EHCP (Easy Hosting Control Panel) 20.04.1.b contains an SQL injection in the listdomains function. The vulnerability arises from improper handling of the arananalan POST parameter in /index.php?op=listdomains, enabling authenticated attackers to access or manipulate backend datab...
CVE-2025-41689 Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access
An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data...
Linux Distros Unpatched Vulnerability : CVE-2017-14990
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 4.8.2 stores cleartext wpsignups.activationkey values but stores the analogous wpusers.useractivationkey values as hashes, which might make it easier...
PHPGurukul Online Shopping Portal Project Injection Vulnerability
Online Shopping Portal Project is an online shopping portal project. A SQL injection vulnerability exists in Online Shopping Portal Project, which originates from the lack of validation of externally entered SQL statements in the parameter emailid in the file /shopping/signup.php. An attacker can...
Code-Projects Job Diary Injection Vulnerability
Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID in the file /admin-inbox.php. An attacker can exploit this vulnerability to execute illegal SQL commands to...
[SECURITY] Fedora 42 Update: php-adodb-5.22.10-1.fc42
ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
Vehicle Management /filter.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter from in the file /filter.php. An attacker can exploit this vulnerability to execute illegal...
CVE-2025-50465
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...
CVE-2025-50466
OpenMetadata (OpenMetadata service)