82202 matches found
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise management software from China's Yonyou Corporation. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which stems from incorrect manipulation of the parameter ID in the file /worksheet/agentworkreport.jsp, which could lead to a SQL injection attack...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software from China's UFIDA Yonyou Corporation. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which originates from an incorrect manipulation of the parameter Report in the file /worksheet/workupdate.jsp, which could lead to a SQL...
online-movie-booking security vulnerability
online-movie-booking is a university learning website by the individual developer gosaliajainam. A security vulnerability exists in online-movie-booking version 5.5, which stems from an SQL injection in the moviedetails.php file, which could lead to the disclosure of sensitive information...
QNAP Systems Multi-Application Recovery Service SQL injection vulnerability
QNAP Systems Multi-Application Recovery Service is a multi-application disaster recovery solution from Taiwan, China-based QNAP Systems. A SQL injection vulnerability exists in QNAP Systems Multi-Application Recovery Service versions prior to 1.2.1.1686, which originates from an SQL injection tha...
Code-Projects Online Music Site SQL injection vulnerability
Code-Projects Online Music Site is a Code-Projects open source online music site. Code-Projects Online Music Site version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter ID in the file /Frontend/AlbumByCategory.php, which could lead to a SQL...
PT-2026-1112
Name of the Vulnerable Software and Affected Versions: code-projects Content Management System version 1.0. Description: A flaw exists in code-projects Content Management System that allows for SQL injection. The issue is located in the /pages.php file, specifically through manipulation of the ID...
PT-2026-1114
Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0. Description: A flaw exists in code-projects Online Music Site version 1.0 that allows for SQL injection. The issue is located in the /Frontend/ViewSongs.php file, specifically through manipulation of...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise management software from China's Yonyou Corporation. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which originates from incorrect manipulation of the parameter ID in the file /worksheet/agentworksadd.jsp, which could lead to a SQL injection attack...
CVE-2025-15409
A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Manipulation of the argument delpro can lead to SQL injection. The attack may be performed remotely. The exploit...
CVE-2025-55065
CVE-2025-55065 is a SQL injection flaw (CWE-89) caused by improper neutralization of special elements in SQL commands. Connected sources reference Kopek Reem ReKord Client and general SQLi impact; no concrete affected versions or patches are specified in the provided documents. Exploitation detai...
CVE-2025-15407 code-projects Online Guitar Store Create_category.php sql injection
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Manipulation of the argument dreCtitle leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public an...
CVE-2025-15274
A flaw was found in FontForge. This heap-based buffer overflow vulnerability allows a remote attacker to execute arbitrary code on an affected system. This occurs when a user is tricked into opening a specially crafted SFD file, due to improper validation of user-supplied data length during file...
CVE-2025-15272
A flaw was found in FontForge. This heap-based buffer overflow vulnerability allows a remote attacker to execute arbitrary code on the system. The flaw occurs during the parsing of SFD Spline Font Database files due to insufficient validation of user-supplied data length. Successful exploitation...
CVE-2025-15270
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...
CVE-2025-15269
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
CVE-2025-15271
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code on affected installations. Exploitation requires user interaction, such as opening a malicious SFD Spline Font Database file. The issue arises from improper validation of user-supplied data during...
EUVD-2026-0002
A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. Manipulation of the argument ID results in SQL injection. The attack can be launched remotely. The exploit has been released to the public an...
SQL Injection
Overview: langchain-cloudflare is a Langchain integration for Cloudflare's WorkersAI and Vectorize. Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of nested metadata in D1 database operations. The d1upserttexts and ad1upserttexts methods construct SQ...
[SECURITY] Fedora 42 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-9.fc42
The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...
[SECURITY] Fedora 43 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-11.fc43
The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...