SUSE CVE-2025-52995
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized fo...
Linux Distros Unpatched Vulnerability : CVE-2025-21540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.40 and prior,...
CVE-2025-41373 SQL injection vulnerability in Gandia Integra Total
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in...
CVE-2025-41371 SQL injection vulnerability in Gandia Integra Total
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in...
CVE-2025-41370 SQL injection vulnerability in Gandia Integra Total
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php...
PT-2025-31635 · Tesi · Gandia Integra Total
Name of the Vulnerable Software and Affected Versions: Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1. Description: A SQL injection vulnerability exists in Gandia Integra Total of TESI. The vulnerability allows an authenticated attacker to retrieve, create, update, and delete database...
Code-Projects Vehicle Management Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter vehicle in file /filter1.php. An attacker can exploit this vulnerability to execute illegal...
Invision Community 4.7.20 - (calendar/view.php) SQL Injection
Exploit Title: Invision Community = 4.7.18. Proof of Concept https://karmainsecurity.com/pocs/CVE-2025-48932.php...
CVE-2025-52447
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux set-initial-sql tabdoc command modules allows Interface Manipulation data access to the production database cluster. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12,...
CVE-2025-52446
Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux tab-doc api modules allows Interface Manipulation data access to the production database cluster. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...
WordPress Funnel Builder by FunnelKit plugin SQL Injection Vulnerability
WordPress Funnel Builder by FunnelKit plugin is a professional sales funnel builder plugin for WordPress platform, which is mainly used to optimize the WooCommerce shopping process and increase the conversion rate. The WordPress Funnel Builder by FunnelKit plugin suffers from a SQL injection...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the getLast API when processing user-supplied table names. An attacker can execute arbitrary SQL statements on the underlying database by sending crafted API requests, potentially resulting in data theft, corruption,...
CVE-2025-4285
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This issue affects Agentis: before 4.32...
CVE-2025-7343 Digiwin|SFT - SQL Injection
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-7919 Simopro Technology|WinMatrix3 Web package - SQL Injection
WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-7918
WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
Library System approve.php File SQL Injection Vulnerability
Library System is a library system. Library System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /approve.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...
SIGNUM-NET FARA Trust Management Issue Vulnerability
SIGNUM-NET FARA is a facility management software from SIGNUM-NET Poland. A trust management issue vulnerability exists in SIGNUM-NET FARA version 5.0.80.34 and prior versions, which stems from the use of hard-coded SQLite credentials that could lead to reading and manipulating local databases...
CVE-2025-6717 B1.lt for WooCommerce <= 2.2.56 - Authenticated (Subscriber+) SQL Injection
The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...