
82202 matches found

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-27654

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to IB/mthca, specifically concerning a missing call to mthca_unmap_user_db within the mthca_create_srq function. This can lead to a...

CVSS 5.5 | AI score 5.5 | EPSS 0.00123
Exploits 0 | References 23
CNNVD
added 2026/01/01 12:0 a.m. | 5 views

Kopek Reem ReKord Client SQL injection vulnerability

Kopek Reem ReKord Client is a centralized monitoring and management platform from Kopek Israel. Kopek Reem ReKord Client suffers from a SQL injection vulnerability that stems from improper neutralization of special elements, which could lead to a SQL injection attack...

CVSS 7.5 | AI score 7.8 | EPSS 0.00246
Exploits 0 | References 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-1021

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software contains a flaw related to improper handling of special characters within SQL commands, potentially leading to SQL injection. This could allow an attacker to gain unauthorized access to...

CVSS 7.5 | AI score 7.1 | EPSS 0.00246
Exploits 0 | References 7
Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-21701

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8. Description: A sandbox escape issue exists in the Storage: IndexedDB component. This allows a potential esca...

CVSS 10 | AI score 5.1 | EPSS 0.00757
Exploits 2 | References 263
CVE
added 2025/12/31 9:55 p.m. | 16 views

CVE-2025-69288

CVE-2025-69288 affects Titra open source time-tracking software. Before version 0.99.49, an authenticated Admin can modify the timeEntryRule in the database, which is then passed to a NodeVM to execute as code, enabling Remote Code Execution. The issue is fixed in 0.99.49. Documents also referenc...

CVSS 9.1 | AI score 6.8 | EPSS 0.00731
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2025/12/31 9:30 p.m. | 3 views

EUVD-2025-206068

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer allows SQL Injection. This issue affects Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer...

CVSS 8.5 | AI score 6.8 | EPSS 0.00215
Exploits 0 | References 2
EUVD
added 2025/12/31 9:2 p.m. | 2 views

EUVD-2025-206054

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

CVSS 5.8 | AI score 6.8 | EPSS 0.00202
Exploits 0 | References 5
NVD
added 2025/12/31 8:15 p.m. | 5 views

CVE-2025-28949

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

CVSS 8.5 | EPSS 0.00209
Exploits 0 | References 1
Vulnrichment
added 2025/12/31 6:2 p.m. | 3 views

CVE-2025-15392 Kohana KodiCMS Search API Endpoint page.php like sql injection

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...

CVSS 6.5 | AI score 6.6 | EPSS 0.00247
Exploits 0 | References 3
Cvelist
added 2025/12/31 6:2 p.m. | 24 views

CVE-2025-15392 Kohana KodiCMS Search API Endpoint page.php like sql injection

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...

CVSS 6.5 | EPSS 0.00247
Exploits 0 | References 3
CVE
added 2025/12/31 6:2 p.m. | 5 views

CVE-2025-15392

CVE-2025-15392 affects Kohana KodiCMS up to version 13.82.135, specifically the Search API Endpoint component file cms/modules/pages/classes/kodicms/model/page.php. The issue arises from manipulating the argument keyword in the Like function, enabling a SQL injection that can be exploited remotel...

CVSS 8.8 | AI score 6.4 | EPSS 0.00247
Exploits 0 | References 3 | Affected Software 1
GithubExploit
added 2025/12/31 4:31 p.m. | 158 views

DBSec

No d...

AI score 7
Exploits 0
GithubExploit
added 2025/12/31 10:1 a.m. | 140 views

VULNEXPO

🔥 VULNEXPO — Vulnerability Detection & Exploitation Framework...

AI score 6.8
Exploits 0
OSV
added 2025/12/31 6:30 a.m. | 1 view

GHSA-MRFV-M5WM-5W6W libsodium has Incomplete List of Disallowed Inputs

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisory...

CVSS 4.5 | AI score 5.9 | EPSS 0.00166
Exploits 0 | References 14
Fedora
added 2025/12/31 1:15 a.m. | 6 views

[SECURITY] Fedora 42 Update: duc-1.4.6-1.fc42

Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...

CVSS 7.5 | AI score 6.9 | EPSS 0.00836
Exploits 1
EUVD
added 2025/12/31 12:31 a.m. | 4 views

EUVD-2023-60533

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

CVSS 8.8 | AI score 7.3 | EPSS 0.00295
Exploits 1 | References 6
EUVD
added 2025/12/31 12:31 a.m. | 3 views

EUVD-2022-55942

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...

CVSS 8.8 | AI score 7.9 | EPSS 0.00815
Exploits 2 | References 6
RedhatCVE
added 2025/12/31 12:2 a.m. | 8 views

CVE-2025-15210

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationalitynid leads to sql injection. The attack may be launched remotely. Th...

CVSS 9.8 | AI score 7.2 | EPSS 0.00315
Exploits 1 | References 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability

WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.18...

CVSS 7.5 | AI score 6 | EPSS 0.00436
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2025/12/31 12:0 a.m. | 4 views

SQL injection vulnerability in U8+ Channel Management (Advanced Edition) at UFIDA Network Technology Co. Ltd (CNVD-C-2025-1245200)

U8+ Channel Management Advanced Edition is a set of channel management software, together with U8+ supply chain system and financial system, extending the enterprise management radius from the internal enterprise to the distribution channels and sales terminals. A SQL injection vulnerability exis...

AI score 5.9
Exploits 0