Lucene search

8980 matches found

NVD
added 2025/08/22 7:15 p.m. · 6 views

CVE-2025-6791

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

8.8 CVSS · 0.00051 EPSS
Exploits: 0 · References: 2
Debian CVE
added 2025/08/14 3:52 p.m. · 5 views

CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...

6.2 CVSS · 5.3 AI score · 0.00068 EPSS
Exploits: 1
Positive Technologies
added 2025/08/12 12:0 a.m. · 5 views

PT-2025-32681 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16
Description: Hydra, a continuous integration service for Nix based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is...

7.1 CVSS · 7.5 AI score · 0.00182 EPSS
Exploits: 0 · References: 5
Gitee
added 2025/08/07 9:7 p.m. · 105 views

Network Security

This repository appears to be a Burp Suite extension for fast JSON scanning, version 2.2.2, built for JDK 1.8. The extension is designed to scan JSON data in Burp's proxy history and...

7 AI score
Exploits: 0
CNVD
added 2025/07/30 12:0 a.m. · 1 views

IBM Db2 for Linux Buffer Overflow Vulnerability

IBM Db2 for Linux is a relational database management system from IBM. A stack-based buffer overflow vulnerability exists in IBM Db2 for Linux versions 12.1.0, 12.1.1, and 12.1.2, which stems from the db2fm component not adequately checking boundaries. A local user can exploit this vulnerability ...

7.8 CVSS · 7.8 AI score · 0.00049 EPSS
Exploits: 0 · References: 1
Packet Storm News
added 2025/07/28 12:0 a.m. · 2 views

CVEMAP 1.0.0

CVEMAP is a command-line interface (CLI) tool designed to provide a structured and easily navigable interface to various vulnerability databases...

6.9 AI score
Exploits: 0
CNNVD
added 2025/07/26 12:0 a.m. · 2 views

Jingmen Zeyou Large File Upload Control Injection Vulnerability

Jingmen Zeyou Large File Upload Control (Zeyou full-platform file transfer solution) is a file transfer security storage platform from Jingmen Zeyou. Jingmen Zeyou Large File Upload Control 6.3 and previous versions have an injection vulnerability; the vulnerability stems from the...

9.8 CVSS · 7.1 AI score · 0.00165 EPSS
Exploits: 0 · References: 5
CNNVD
added 2025/07/17 12:0 a.m. · 2 views

Lenovo Vantage Security Vulnerability

Lenovo Vantage is a computer management application from the Chinese company Lenovo. The program supports features such as driver updates, device status diagnostics, and computer configuration. A security vulnerability exists in Lenovo Vantage that stems from the presence of a SQL injectio...

5.3 CVSS · 7.8 AI score · 0.00073 EPSS
Exploits: 0 · References: 3
NVD
added 2025/07/08 3:15 p.m. · 4 views

CVE-2025-7037

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database...

7.2 CVSS · 0.0067 EPSS
Exploits: 0 · References: 1
Debian CVE
added 2025/05/29 9:7 a.m. · 5 views

CVE-2025-27151

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allo...

9.8 CVSS · 5.6 AI score · 0.00269 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 7:55 a.m. · 3 views

CVE-2024-42607

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/adminbackup.php?dobackup=database...

8.8 CVSS · 8.9 AI score · 0.00319 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 11:23 p.m. · 3 views

CVE-2022-46051

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks...

7.2 CVSS · 8.1 AI score · 0.00291 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 10:38 p.m. · 4 views

CVE-2022-2813

A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400...

7.5 CVSS · 7 AI score · 0.00093 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:27 p.m. · 4 views

CVE-2021-26966

A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacke...

6.5 CVSS · 7.3 AI score · 0.00242 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:13 p.m. · 13 views

CVE-2020-15051

An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields...

6.1 CVSS · 5.9 AI score · 0.25842 EPSS
Exploits: 1
RedhatCVE
added 2025/03/12 5:4 p.m. · 14 views

CVE-2025-21861

A vulnerability was found in the Linux kernel's memory migration system in the migrate_device_finalize function, where a folio that should be freed is erroneously added back into the Least Recently Used (LRU) list. This issue can lead to memory corruption caused by a use-after-free issue when a...

7 CVSS · 5.5 AI score · 0.00013 EPSS
Exploits: 0 · References: 4
OSV
added 2025/03/03 1:25 p.m. · 4 views

MAL-2025-1801 Malicious code in epicagames-database (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0
RedhatCVE
added 2025/02/06 2:24 a.m. · 4 views

CVE-2025-22351

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in penguinarts Contact Form 7 Database – CFDB7 advanced-cf7-database allows SQL Injection. This issue affects Contact Form 7 Database – CFDB7: from n/a through = 1.0.0...

7.6 CVSS · 7.3 AI score · 0.00123 EPSS
Exploits: 0 · References: 1
NVD
added 2024/12/23 6:15 p.m. · 14 views

CVE-2024-56362

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...

7.1 CVSS · 0.00052 EPSS
Exploits: 0 · References: 3
Cvelist
added 2024/12/14 6:45 a.m. · 13 views

CVE-2024-11714 WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox()

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...

4.9 CVSS · 0.00522 EPSS
Exploits: 0 · References: 3