3895 matches found
CVE-2021-4458
The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wpajaxmecloadsinglepage' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-6970
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-7037
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database...
CVE-2025-42961
Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized...
WordPress Events Manager 7.0.3 SQL Injection
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
EUVD-2025-20877
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-7037
Ivanti Endpoint Manager contains a SQL injection vulnerability (CVE-2025-7037) that affects versions prior to 2024 SU3 and prior to 2022 SU8 Security Update 1. An authenticated remote attacker with admin privileges can read arbitrary data from the database. Remediation is to upgrade to Ivanti End...
CVE-2025-7037 SQL injection in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database...
CVE-2025-40712
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the idconcesion parameter in /FacturaE/DescargarFactura...
CVE-2025-40713
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in /FacturaE/BusquedasFacturasSesion...
CVE-2025-40716
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action...
CVE-2025-40711
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the idconcesion parameter in /FacturaE/VerFacturaPDF...
CVE-2025-40714
Quiter Gateway is affected by an SQL injection in versions prior to 4.7.0. The vulnerability resides in the id_factura field of the endpoint /FacturaE/listado_facturas_ficha.jsp, allowing an attacker to retrieve, create, update and delete databases via that parameter. Impact is described as total...
CVE-2025-40713 SQL injection vulnerability in Quiter Gateway
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in /FacturaE/BusquedasFacturasSesion...
PHPGurukul Zoo Management System Security Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...
PT-2025-28480 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3 Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 1 Description: The issue allows a remote authenticated attacker with admin privileges to read arbitrary data from the databa...
PT-2025-28411 · Unknown · Quiter Gateway
Name of the Vulnerable Software and Affected Versions: Quiter Gateway versions prior to 4.7.0 Description: The issue allows an attacker to retrieve, create, update, and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action. This is a SQL injection vulnerability that...
PT-2025-28280 · SAP · SAP NetWeaver Application Server ABAP
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application server for ABAP affected versions not specified Description: The issue is caused by a missing authorization check, allowing an authenticated user with high privileges to exploit insufficient validation of user...
PT-2025-28655 · IBM · IBM OpenPages with Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue concerns the storage of encrypted data using AES encryption and CBC mode, which could provide weaker than expected security. An authenticated remote attacker with acces...
CVE-2025-7131
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveemployeeattendance. The manipulation of the argument employeeid leads to sql injection. The attack ca...