82372 matches found
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this vulnerability allows unverified attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...
PT-2026-30507
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...
PT-2026-30497
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng profile id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng profile id parameter to extract sensitive database...
PT-2026-30503
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id project parameter. Attackers can send crafted requests with malicious SQL statements in the id project parameter to extract sensitive database...
PT-2026-30502
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort direction parameter. Attackers can submit malicious SQL statements in the sort direction parameter to extract sensitive database information or...
PT-2026-30492
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...
SourceCodester Record Management System SQL注入漏洞
The SourceCodester Record Management System is an open-source record management system developed by SourceCodester. Version 1.0 of the SourceCodester Record Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the Username parameter in the...
News Website Script SQL注入漏洞
News Website Script is a website-building system script from the PHP Scripts Mall community. Version 2.0.5 of News Website Script contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the news ID parameter, which could allow unverified attackers to manipulate...
qdPM SQL注入漏洞
qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the searchbyextrafields parameter, which could allow attackers to manipulate database queries and extrac...
Debian dsa-6197 : dovecot-auth-lua - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6197 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6197-1 [email protected] https://www.debian.org/securit...
Advance Gift Shop Pro Script SQL注入漏洞
Advance Gift Shop Pro Script is an e-commerce website script program within the PHP Scripts Mall community. Version 2.0.3 of Advance Gift Shop Pro Script contains a SQL injection vulnerability. This vulnerability allows unverified attackers to execute arbitrary SQL queries without being detected...
CVE-2026-27634
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters fmindateavailable, fmaxdateavailable, fmindatecreated, fmaxdatecreated in wsstdimagesqlfilter are concatenated directly into SQL without any escaping or type validation. This...
EUVD-2026-18993
The Text to Speech for WP AI Voices by Mementor plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the...
CVE-2026-1233
CVE-2026-1233 affects the WordPress plugin Text to Speech for WP (AI Voices by Mementor). All versions up to 1.9.8 contain hardcoded MySQL credentials for the vendor’s external telemetry server in the Mementor_TTS_Remote_Telemetry class, enabling unauthenticated actors to extract and decode these...
CVE-2026-1233 Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access
The Text to Speech for WP AI Voices by Mementor plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the...
CVE-2026-1233
The Text to Speech for WP AI Voices by Mementor plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the...
CVE-2026-1233 Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access
The Text to Speech for WP AI Voices by Mementor plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the...
GHSA-6Q22-G298-GRJH Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver
Summary The GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution ...
SQL Injection
baserCMS is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the blog post functionality, where malicious SQL may be executed in blog posts and attackers can inject crafted SQL statements to manipulate the database...