CVE-2025-46256

CVE-2025-46256 relates to WordPress Advanced Database Cleaner PRO before or up to 3.2.10, with a Limited .txt Path Traversal vulnerability. Affected software is the Advanced Database Cleaner PRO plugin (SigmaPlugin implementation). Impact described as path traversal; CVSS v3.1 base score 6.4 (NET...

CVE-2025-46256 WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10...

CVE-2025-46256 WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO advanced-database-cleaner-pro allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through = 3.2.10...

CVE-2026-1234

A security issue was identified in the Llama Stack server when PGVector is used as a vector store provider. During initialization, the server logs print the PGVector database password in clear text. This occurs due to insufficient redaction of sensitive configuration fields. As a result, anyone...

CVE-2025-32303 WordPress WPCHURCH plugin <= 2.7.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0...

CVE-2022-27055

ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes thi...

CVE-2022-27927

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable coursecode and/or customernumber parameter...

CVE-1999-0364

Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data...

CVE-1999-0734

A default configuration of CiscoSecure Access Control Server ACS allows remote users to modify the server database without authentication...

CVE-2019-7260

Linear eMerge E3-Series devices have Cleartext Credentials in a Database...

CVE-2019-7547

An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS...

CVE-2019-7718

An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack=index=dogetsql=...

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

CVE-2019-7403

An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/databasebackup.php?action=import=deldir=../ URI...

CVE-2019-16383

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker...

CVE-2019-16065

A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user...

CVE-2019-16210

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save...

CVE-2019-16177

In Limesurvey before 3.17.14, the entire database is exposed through browser caching...

CVE-2019-16153

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials...

CVE-2019-16656

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...