82206 matches found
CVE-2025-25652
CVE-2025-25652 affects Eptura Archibus 2024.03.01.109. The vulnerability is a directory traversal in the Database Update Wizard’s Run script and Server File components, enabling an attacker to read files on the server by manipulating requests (e.g., c0-param0/c0-param1 in the affected service). R...
PT-2026-2971
Summary This vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in https://github.com/akinloluwami/outray/blob/main/apps/web/src/routes/api/%24orgSlug/subdomains/index.ts Details - The affected code-: ts //Race...
PT-2026-3194
Name of the Vulnerable Software and Affected Versions Captive Historian affected versions not specified Description A flaw exists that, if exploited, could allow an authenticated attacker with Process Optimization Standard User privileges to manipulate queries within Captive Historian. Successful...
PT-2026-2449
Name of the Vulnerable Software and Affected Versions Eptura Archibus version 2024.03.01.109 Description The “Run script” and “Server File” components within the “Database Update Wizard” are susceptible to directory traversal. This allows unauthorized access to files and directories...
PT-2026-2423
Name of the Vulnerable Software and Affected Versions Social-Share-Buttons version 2.2.3 Description The software contains a SQL injection issue in the project id parameter. Attackers can exploit this by sending specially crafted POST requests with malicious SQL payloads to manipulate database...
VIAVIWEB Wallpaper Admin SQL注入漏洞
VIAVIWEB Wallpaper Admin is a mobile application backend management system from VIAVIWEB India. A SQL injection vulnerability exists in VIAVIWEB Wallpaper Admin version 1.0, which stems from a SQL injection vulnerability in the imgid parameter that could lead to the extraction of database...
PT-2026-2747
🟠 CVE-2026-20947 - High Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. https://t.co/plm6gTTLxj https://t.co/1kjK6Hr4sV...
Aero CMS SQL注入漏洞
Aero CMS is a content management system from Aero CMS, Inc. in the United States. A SQL injection vulnerability exists in Aero CMS version 0.0.1, which stems from a SQL injection vulnerability in the author parameter that could lead to the extraction of sensitive database information...
MiracleLinux 8 : mysql:8.0 (AXSA:2025-10922:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10922:01 advisory. mysql: mysqldump unspecified vulnerability CPU Apr 2025 CVE-2025-30722 mysql: Optimizer unspecified vulnerability CPU Apr 2025 CVE-2025-30688 mysql...
IBM DB2 Privilege Escalation (7250486) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by a vulnerability: - IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of service due to improper neutralization of special elements in...
CVE-2025-67146
Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in 1 membersearch.php, 2 trainersearch.php, and 3 gymsearch.php, and via the 'id' parameter in 4 paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...
CVE-2025-67147
Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in 1 submitcontact.php, the 'username' and 'passkey' parameters in 2 securelogin.php, and the 'loginid', 'pwfield', and 'loginkey' parameters in 3...
CVE-2025-51567
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...
CVE-2025-41005
Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchangeoffers.php’...
CVE-2025-41004 Multiple vulnerabilities in Imaster products Open configuration options
Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter...
CVE-2025-52694
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...
CVE-2025-52694
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...
CVE-2026-0851
A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...
CVE-2026-0851
A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...
CVE-2026-0852 code-projects Online Music Site AdminUpdateUser.php sql injection
A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...