WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Offensive Labs in WordPress Plugin Integration for Contact Form 7 HubSpot versions = 1.4.2...

[SECURITY] Fedora 42 Update: roundcubemail-1.6.12-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 43 Update: roundcubemail-1.6.12-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

ChurchCRM Information Disclosure Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...

Microsoft Azure Cosmos DB Spoofing Vulnerability

Microsoft Azure Cosmos DB is a distributed multi-model database from Microsoft USA. A spoofing vulnerability exists in Microsoft Azure Cosmos DB that stems from improper input neutralization and can be exploited by an attacker to cause a network spoofing attack...

PT-2025-53415

Name of the Vulnerable Software and Affected Versions ketr JEPaaS versions up to 7.2.8 Description A SQL injection issue exists in ketr JEPaaS. The postilService.loadPostils function, located in the file /je/postil/postil/loadPostil, is susceptible to exploitation. Manipulation of the keyWord...

ChurchCRM Event Participant Editor SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the event participant editor. An attacker can exploit the vulnerability to cause a full database disclosure and...

ChurchCRM UserEditor.php File SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the type parameter of the src/UserEditor.php file. No details of the vulnerability are provided at this time...

Complete Online Beauty Parlor Management System /search-invoices.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file...

PT-2025-53388

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0 that allows for remote SQL injection. The issue is located in the file /list report.php and involves manipulation of the...

PT-2025-53385

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security flaw exists in itsourcecode Student Management System 1.0 related to the processing of the /student p.php file. Manipulation of the ID argument can lead to SQL injection...

Complete Online Beauty Parlor Management System /view-appointment.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid i...

Scholars Tracking System delete_user.php File SQL Injection Vulnerability

Scholars Tracking System is a scholars tracking system. Scholars Tracking System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter ID in file /admin/deleteuser.php. An attacker can exploit this vulnerability to...

ChurchCRM Code Execution Vulnerability (CNVD-2026-0535893)

ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from the database restore feature not validating the content or extension of uploaded files, which can be exploited by an attacker to cause remote code execution...

itsourcecode Student Management System SQL注入漏洞

itsourcecode Student Management System is an open source student management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Management System, which stems from incorrect manipulation of the parameter ID in the file /form137.php, which could le...

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVE-2025-66209

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

EUVD-2025-205313

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

EUVD-2025-205318

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser...

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...