82209 matches found
EUVD-2026-2905
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...
PT-2026-3206
Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...
PT-2026-3210
Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents...
Vianeos OctoPUS SQL injection vulnerability
Vianeos OctoPUS is a video service middleware system developed by the French company Vianeos. Version 5 of Vianeos OctoPUS contains a SQL injection vulnerability. This vulnerability stems from a time-based blind SQL injection in the loginuser parameter, which may lead to information leakage...
Grocery Crud security vulnerability
Grocery Crud is an open-source software development tool created by Grocery Crud. Version 1.6.4 of Grocery Crud contains a security vulnerability, which stems from SQL injection in the orderby parameter, potentially allowing for manipulation of database queries...
Gotac Statistics Database System Access Control Vulnerability
The Gotac Statistics Database System is a statistical database system developed by Gotac in Taiwan, China. The Gotac Statistics Database System has an access control vulnerability, which stems from the lack of authentication. This vulnerability could allow unauthenticated remote attackers to directly...
WeGIA SQL Injection Vulnerability
WeGIA is a web management system for charitable (welfare) institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.2 contained an SQL injection vulnerability. This vulnerability originated from the AtendidoocorrenciaControle endpoint, and it could lead to the exposure of database data...
Gotac Statistics Database System security vulnerabilities
The Gotac Statistics Database System is a statistical database system developed by Gotac in Taiwan, China. The Gotac Statistics Database System has a security vulnerability, which stems from an arbitrary file read. This vulnerability could allow unauthenticated remote attackers to...
Fortinet FortiClient EMS Authenticated SQLi (FG-IR-25-735)
The version of Fortinet FortiClient EMS installed on the remote host is affected by a vulnerability as referenced in the FG-IR-25-735 advisory: - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an authenticated...
MiracleLinux 7 : keepalived-1.3.5-8.el7 (AXSA:2019-3747:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3747:01 advisory. Security Fix - keepalived DoS (CVE-2018-19115). References: CVE, JVN (http://jvndb.jvn.jp/). Tenable has extracted the preceding description block directly from the MiracleLinux...
PT-2026-3205
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing an unauthenticated remote attacker to exploit absolute path traversal to download arbitrary system files...
MiracleLinux 7 : mysql55-mysql-5.5.52-1.el7 (AXSA:2016-716:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-716:03 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...
CVE-2025-12166
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...
CVE-2025-70893
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...
CVE-2025-70892
Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint...
GHSA-HM9J-CGMM-2W36 Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Summary: The http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. Details: It’s better to remove both lines, as this information make...
CVE-2025-37183
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 5, 2026 to January 11, 2026)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
EUVD-2026-2758
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify...
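Several entries above (Vianeos OctoPUS, PHPGurukul, Aimeos, Build Smart ERP) describe the same root cause: untrusted input concatenated into an SQL string, with the Build Smart ERP entry adding that the driver executes stacked (';'-separated) statements, which is what makes a `';WAITFOR DELAY ...--` payload run. The following is an added illustration, not code from any of the listed products: a constructed SQLite login check built by string concatenation and run through `executescript` (which, like a multi-statement-enabled driver, executes every statement in the string), beside the parameterized version. The schema, the `audit` table and the payloads are all constructed for the demonstration; SQLite has no `WAITFOR`, so the stacked statement writes a marker row instead of sleeping.

```python
import sqlite3

# Constructed payloads: the first closes the quoted string and comments out the
# rest of the WHERE clause; the second also appends a stacked statement.
BYPASS_PAYLOAD = "admin' --"
STACKED_PAYLOAD = "x'; INSERT INTO audit VALUES ('stacked statement ran'); --"


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema: one user, a scratch table for the
    vulnerable login's result, and an audit table that records whether an
    injected second statement executed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(username TEXT PRIMARY KEY, password TEXT);
        INSERT INTO users VALUES ('admin', 's3cret');
        CREATE TABLE login_result(n INTEGER);
        CREATE TABLE audit(note TEXT);
        """
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable pattern: input is pasted into the SQL text, and the text is
    run with executescript, which executes every ';'-separated statement it
    contains (the behaviour the Build Smart ERP entry describes)."""
    sql = (
        "INSERT INTO login_result SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    conn.execute("DELETE FROM login_result")
    conn.executescript(sql)
    count = conn.execute("SELECT n FROM login_result").fetchone()[0]
    return count > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: bound parameters are sent as data, never parsed as SQL,
    so quotes, comments and ';' in the input cannot change the statement."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def audit_entries(conn: sqlite3.Connection) -> list[str]:
    """Rows written by any injected stacked statement (empty if none ran)."""
    return [r[0] for r in conn.execute("SELECT note FROM audit")]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass payload:", login_vulnerable(db, BYPASS_PAYLOAD, "wrong"))
    print("vulnerable, stacked payload:", login_vulnerable(db, STACKED_PAYLOAD, "wrong"))
    print("audit after vulnerable login:", audit_entries(db))
    db = make_db()
    print("safe, bypass payload:", login_safe(db, BYPASS_PAYLOAD, "wrong"))
    print("safe, stacked payload:", login_safe(db, STACKED_PAYLOAD, "wrong"))
    print("audit after safe login:", audit_entries(db))
```

The check a practitioner wants is the `audit` table: after the vulnerable login the marker row is present even though the login itself returned false, which is exactly why time-based and stacked payloads are dangerous without any visible error. With the parameterized query both payloads are looked up as literal usernames and the table stays empty.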