WordPress WP Online Users Stats plugin <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter vulnerability
Authenticated (Editor+) SQL Injection via table_name Parameter vulnerability discovered by rajanhoyr in WordPress Plugin WP Online Users Stats versions <= 1.0.0...
WordPress Arielbrailovsky-Viralad plugin <= 1.0.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by siyuan shao in WordPress Plugin ArielBrailovsky-ViralAd versions <= 1.0.8...
College Notes Uploading System /login.php File SQL Injection Vulnerability
College Notes Uploading System is a college notes uploading system. College Notes Uploading System suffers from a SQL injection vulnerability that originates from the mishandling of the User parameter operation by an unknown handler function in the /login.php file. An attacker can use this...
FontForge Resource Management Error Vulnerability
FontForge is an open source font editing tool from fontforge that supports multiple languages. A resource management error vulnerability exists in FontForge that stems from not verifying the existence of an object when parsing an SFD file, which could lead to use-after-free and remote code...
WordPress WP Database Backup plugin < 5.2 - Unauthenticated OS Command Injection vulnerability
Unauthenticated OS Command Injection vulnerability discovered by WordFence in WordPress Plugin WP Database Backup versions < 5.2...
WordPress 3DPrint Lite plugin <= 2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' vulnerability
Authenticated (Admin+) SQL Injection via 'material_text' vulnerability discovered by WordFence in WordPress Plugin 3DPrint Lite versions <= 2.1.3.6...
Student File Management System download.php File SQL Injection Vulnerability
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System due to mishandling of the istoreid parameter by an unknown function module in the /download.php file. An attacker can use this vulnerability to obtain or tamp...
Unity Linux 20.1070e Security Update: util-linux (UTSA-2025-993327)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993327 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...
CVE-2025-15207
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/viewproducts.php. The manipulation of the argument chkId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2023-52969 affecting package mariadb for versions less than 10.11.15-1
CVE-2023-52969 affecting package mariadb for versions less than 10.11.15-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-54163 NLB mKlik Macedonia 3.3.12 SQL Injection via International Transfer Parameters
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...
CVE-2023-54163
CVE-2023-54163 affects NLB mKlik Macedonia 3.3.12, where a SQL injection vulnerability exists in the international transfer parameters. The root cause is unsanitized input allowing arbitrary SQL execution, potentially exposing sensitive data from the mobile banking application. The CVSSv3.1 vecto...
EUVD-2025-205845
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function editadminquery of the file /admin/editadminquery.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now...
CVE-2025-15205
A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istoreid leads to sql injection. The attack can be initiated remotely. The exploit is publicly...
CVE-2025-15263 BiggiDroid Simple PHP CMS Admin Login login.php sql injection
A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made...
CVE-2025-59129 WordPress Appointify plugin <= 1.0.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in appointify Appointify appointify allows Blind SQL Injection. This issue affects Appointify: from n/a through <= 1.0.8...
CVE-2025-59129 WordPress Appointify plugin <= 1.0.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Appointify allows Blind SQL Injection. This issue affects Appointify: from n/a through 1.0.8...
CVEhunter-Tools
CVEhunter: Integrated AI-Assisted Code Auditing Toolkit Windo...
CVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
EUVD-2025-205600
phpMyFAQ has unauthenticated config backup download via /api/setup/backup...