
3895 matches found

RedhatCVE
added 2025/06/07 2:06 p.m. · 16 views

CVE-2025-27753

A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized...

CVSS 6.5 · AI score 6.9 · EPSS 0.00202
Exploits 0 · References 1
RedhatCVE
added 2025/06/06 8:12 p.m. · 14 views

CVE-2025-48935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write permission check on database files by using an ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

CVSS 9.1 · AI score 7.2 · EPSS 0.0041
Exploits 1 · References 1
Positive Technologies
added 2025/06/06 12:00 a.m. · 3 views

PT-2025-24133 · Unknown · Epicwin Plugin

Name of the Vulnerable Software and Affected Versions: Epicwin Plugin versions 1.5 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows SQL Injection in the Epicwin Plugin. Recommendations: For Epicwin Plugin versions 1.5 and earlier, as a...

CVSS 8.2 · AI score 8.5 · EPSS 0.0016
Exploits 0 · References 3
CVE
added 2025/06/05 1:20 p.m. · 66 views

CVE-2025-27753

CVE-2025-27753 affects RSJoomla! RSMediaGallery component for Joomla, versions 1.7.4 through 2.1.6. Root cause: unescaped user-supplied parameters used directly in SQL queries within the dashboard component, enabling authenticated attackers to inject SQL code. Effects include unauthorized databas...

CVSS 6.5 · AI score 6.9 · EPSS 0.00202
Exploits 0 · References 1
Vulnrichment
added 2025/06/05 1:20 p.m. · 2 views

CVE-2025-27753 Extension - rsjoomla.com - A SQLi vulnerability RSMediaGallery component 1.7.4 - 2.1.6 for Joomla

A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized...

AI score 7.5 · EPSS 0.00202
Exploits 0 · References 1
Positive Technologies
added 2025/06/05 12:00 a.m. · 3 views

PT-2025-23924 · Unknown · Media Gallery

Name of the Vulnerable Software and Affected Versions: RSMediaGallery component versions 1.7.4 through 2.1.6 Description: A SQL injection issue was discovered due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00202
Exploits 0 · References 5
CNNVD
added 2025/06/05 12:00 a.m. · 2 views

PHPGurukul Complaint Management System security vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter fromdate/todate in the file /admin/between-date-complaintreport.php...

CVSS 8.8 · AI score 8.1 · EPSS 0.00361
Exploits 1 · References 6
OSV
added 2025/06/04 9:22 p.m. · 3 views

GHSA-8VXJ-4CPH-C596 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Summary: It is possible to bypass Deno's read/write permission checks by using an ATTACH DATABASE statement. PoC (js): // poc.js import { DatabaseSync } from "node:sqlite"; const db = new DatabaseSync(":memory:"); db.exec("ATTACH DATABASE 'test.db' as test;"); db.exec("CREATE TABLE test.test (id INTEGER PRIMARY KE...

CVSS 9.1 · AI score 7 · EPSS 0.0041
Exploits 1 · References 5
NVD
added 2025/06/04 8:15 p.m. · 9 views

CVE-2025-48935

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write permission check on database files by using an ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

CVSS 9.1 · EPSS 0.0041
Exploits 1 · References 2
Vulnrichment
added 2025/06/04 7:31 p.m. · 8 views

CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write permission check on database files by using an ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

CVSS 6.9 · AI score 7.1 · EPSS 0.0041
Exploits 1 · References 2
Positive Technologies
added 2025/06/03 12:00 a.m. · 3 views

PT-2025-23623 · Unicom · Unicom Focal Point

Name of the Vulnerable Software and Affected Versions: Unicom Focal Point version 7.6.1 Description: An issue was discovered where the database is encrypted with a hardcoded key, making it easier to recover the cleartext data. Recommendations: For Unicom Focal Point version 7.6.1, consider changi...

CVSS 4.6 · AI score 6.1 · EPSS 0.0012
Exploits 0 · References 6
CVE
added 2025/05/30 7:40 p.m. · 104 views

CVE-2025-48949

Navidrome (open source music server) contains an SQL injection vulnerability in the API endpoint /api/artist, caused by improper input validation of the role parameter. Affected versions are 0.55.0 through 0.55.2; version 0.56.0 patches the issue. The flaw could allow an attacker to inject arbitr...

CVSS 9.8 · AI score 7.4 · EPSS 0.00423
Exploits 0 · References 2 · Affected Software 1
RedhatCVE
added 2025/05/28 1:46 p.m. · 16 views

CVE-2025-40666

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through the ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx...

CVSS 8.7 · AI score 8.1 · EPSS 0.00315
Exploits 0 · References 1
NVD
added 2025/05/26 1:15 p.m. · 13 views

CVE-2025-40666

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through the ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx...

CVSS 9.8 · EPSS 0.00315
Exploits 0 · References 1
Positive Technologies
added 2025/05/26 12:00 a.m. · 6 views

PT-2025-22899 · Tcman · Tcman's Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: Time-based blind SQL injection vulnerabilities in TCMAN's GIM allow an attacker to retrieve, create, update, and delete databases through the ArbolID parameter in "/GIMWeb/PC/frmPreventivosList.aspx"...

CVSS 8.7 · AI score 7.4 · EPSS 0.00315
Exploits 0 · References 6
RedhatCVE
added 2025/05/24 7:11 p.m. · 16 views

CVE-2024-13955

2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 9.4 · AI score 8.2 · EPSS 0.00311
Exploits 0 · References 1
RedhatCVE
added 2025/05/24 6:13 p.m. · 9 views

CVE-2024-13928

SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVSS 7.5 · AI score 8.2 · EPSS 0.00317
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:38 a.m. · 5 views

CVE-2024-25658

Cleartext storage of passwords in Infinera TNMS Transcend Network Management System Server 19.10.3 allows attackers with access to the database or exported configuration files to obtain SNMP users' usernames and passwords in cleartext...

CVSS 6.5 · AI score 6.9 · EPSS 0.0018
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:35 a.m. · 19 views

CVE-2024-8658

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...

CVSS 5.3 · AI score 6.7 · EPSS 0.00318
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:34 a.m. · 10 views

CVE-2024-45537

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

CVSS 8.8 · AI score 6.2 · EPSS 0.34949
Exploits 1