
8980 matches found

Positive Technologies
added 2026/01/30 12:0 a.m., 7 views

PT-2026-5449

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.5.0 through 11.5.9; IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 12.1.0 through 12.1.3. Description: The software may allow a local user to...

CVSS 6.2, AI score 5.9, EPSS 0.00013
Exploits 0, References 4
EUVD
added 2026/01/27 4:31 p.m., 4 views

EUVD-2026-4778

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigevalua.aspx' could allow an attacker to...

CVSS 9.3, AI score 5.8, EPSS 0.00047
Exploits 0, References 1
Positive Technologies
added 2026/01/27 12:0 a.m., 6 views

PT-2026-4930

Name of the Vulnerable Software and Affected Versions: Phpscript-sgh version 0.1.0. Description: The software contains a time-based blind SQL injection issue in the admin interface. Attackers can manipulate database queries through the id parameter. Exploitation involves crafting malicious payloads...

CVSS 8.8, AI score 5.4, EPSS 0.00061
Exploits 0, References 6
ATTACKERKB
added 2026/01/15 3:52 p.m., 1 views

CVE-2021-47766

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

CVSS 7.1, AI score 5.8, EPSS 0.00008
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2026/01/14 9:46 p.m., 8 views

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact: Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

AI score 7.1
Exploits 0, References 4, Affected Software 1
Fedora
added 2025/12/31 1:15 a.m., 6 views

[SECURITY] Fedora 42 Update: duc-1.4.6-1.fc42

Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...

CVSS 7.5, AI score 6.9, EPSS 0.00107
Exploits 1
EUVD
added 2025/12/23 9:30 p.m., 2 views

EUVD-2025-204818

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

CVSS 8.5, AI score 7, EPSS 0.00008
Exploits 1, References 6
Vulnrichment
added 2025/12/22 3:22 a.m., 4 views

CVE-2025-15015 Ragic|Enterprise Cloud Database - Arbitrary File Read

Enterprise Cloud Database developed by Ragic has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 8.7, AI score 6.9, EPSS 0.00103
Exploits 0, References 2
OSV
added 2025/12/17 9:33 p.m., 3 views

CVE-2025-68110 ChurchCRM discloses database information on error message

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message, including the host, IP, username, and password. Version 6.5.3 fixes the issue...

CVSS 9.9, AI score 6.5, EPSS 0.00069
Exploits 1, References 3
EUVD
added 2025/12/07 6:2 p.m., 2 views

EUVD-2025-201610

A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. I...

CVSS 4.8, AI score 5.2, EPSS 0.00031
Exploits 1, References 5
Circl
added 2025/12/03 2:14 p.m., 1 views

CVE-2025-22010

creationtimestamp | type | source
---|---|---
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 5.5, AI score 6.8, EPSS 0.00017
Exploits 0, References 1
RedHat Linux
added 2025/11/13 7:3 p.m., 5 views

database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

CVSS 7, AI score 6, EPSS 0.00073
Exploits 0, References 8
EUVD
added 2025/11/13 3:23 a.m., 2 views

EUVD-2025-178677

Malicious code in graphql-karma-cluster-mongodb npm...

AI score 6.6
Exploits 0
RedHat Linux
added 2025/11/11 7:19 p.m., 1 views

database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

CVSS 7, AI score 6, EPSS 0.00073
Exploits 0, References 8
RedHat Linux
added 2025/11/03 1:42 a.m., 1 views

database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

CVSS 7, AI score 6.2, EPSS 0.00073
Exploits 0, References 8
Vulnrichment
added 2025/10/27 1:32 a.m., 2 views

CVE-2025-12201 ajayrandhawa User-Management-PHP-MYSQL User Management edit-user.php unrestricted upload

A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. ...

CVSS 5.8, AI score 4.9, EPSS 0.00082
Exploits 1, References 4
CVE
added 2025/10/22 9:19 p.m., 14 views

CVE-2025-62617

CVE-2025-62617 affects Admidio, an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection exists in the member assignment data retrieval feature. The vulnerability arises from directly concatenating the GET parameter (notably filter_rol_uuid) into a SQL con...

CVSS 7.2, AI score 7.8, EPSS 0.00045
Exploits 1, References 2, Affected Software 1
Cvelist
added 2025/10/20 5:47 p.m., 8 views

CVE-2025-11979 Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoD...

CVSS 5.3, EPSS 0.00071
Exploits 0, References 1
CNVD
added 2025/10/20 12:0 a.m., 1 views

DataEase SQL Injection Vulnerability

DataEase is a Java-based open source data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase /de2api/datasetData/tableField processing tableName parameter...

CVSS 8.8, AI score 8, EPSS 0.00049
Exploits 1, References 1
CNNVD
added 2025/10/17 12:0 a.m., 4 views

ChanCMS SQL Injection Vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter ID in the file /cms/model/hasUse for externally entered SQL statements. An attacker can exploit this vulnerability to...

CVSS 7.2, AI score 8.1, EPSS 0.00011
Exploits 1, References 6