
82201 matches found

CVE
added 2025/12/23 9:42 p.m., 10 views

CVE-2025-66209

CVE-2025-66209 affects Coolify (open‑source self‑hosted platform for managing servers, apps, and databases). The authenticated command injection vulnerability exists prior to 4.0.0-beta.451 in the Database Backup functionality, where database names are passed to shell commands without sanitizatio...

9.9 CVSS, 8.7 AI score, 0.0376 EPSS
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/12/23 9:30 p.m., 2 views

EUVD-2025-204818

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

8.5 CVSS, 7 AI score, 0.00168 EPSS
Exploits: 1, References: 6
NVD
added 2025/12/23 8:15 p.m., 2 views

CVE-2025-65354

Improper input handling in /Grocery/searchproductsitname.php in PuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...

9.8 CVSS, 0.00476 EPSS
Exploits: 1, References: 1
IBM Security Bulletins
added 2025/12/23 3:22 p.m., 5 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary: There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. Vulnerability Details: CVEID: CVE-2015-8383 DESCRIPTION: PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a deni...

9.8 CVSS, 9.8 AI score, 0.07059 EPSS
Exploits: 1, Affected Software: 1
EUVD
added 2025/12/23 1:58 p.m., 3 views

EUVD-2025-204804

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback: check actual_length before accessing data. The URB received in gs_usb_receive_bulk_callback contains a struct gs_host_frame. The length of the data after the header depends on the gs_host_frame hf::fla...

6 AI score, 0.00156 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/12/23 4:42 a.m., 9 views

CVE-2025-15012

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes SQL injection. The attack can be carried out remotely. The exploit has been publicly...

9.8 CVSS, 7 AI score, 0.00322 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/12/23 3:39 a.m., 9 views

CVE-2025-15016

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...

9.8 CVSS, 6.9 AI score, 0.0045 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/23 3:39 a.m., 6 views

CVE-2025-15015

Enterprise Cloud Database developed by Ragic has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

8.7 CVSS, 7.2 AI score, 0.00523 EPSS
Exploits: 0, References: 1
EUVD
added 2025/12/23 12:30 a.m., 5 views

EUVD-2023-60237

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

9.3 CVSS, 8 AI score, 0.00405 EPSS
Exploits: 1, References: 4
CNNVD
added 2025/12/23 12:00 a.m., 5 views

Coolify operating system command injection vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an unvalidated PostgreSQL initialization script filename that could lead ...

9.9 CVSS, 7.2 AI score, 0.0376 EPSS
Exploits: 2, References: 4
Positive Technologies
added 2025/12/23 12:00 a.m., 3 views

PT-2025-52728

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A security flaw exists in itsourcecode Student Management System 1.0. The issue involves SQL injection within the /record.php file, triggered by manipulating the ID argument. This...

9.8 CVSS, 7.2 AI score, 0.00333 EPSS
Exploits: 1, References: 11
Positive Technologies
added 2025/12/23 12:00 a.m., 3 views

PT-2025-52769

Name of the Vulnerable Software and Affected Versions: RuoYi versions prior to 4.7.9. Description: A SQL Injection issue exists in RuoYi versions prior to 4.7.9. This allows a remote attacker to execute arbitrary code through the createTable function located in SqlUtil.java. The vulnerability is...

10 CVSS, 8.3 AI score, 0.00587 EPSS
Exploits: 2, References: 9
CNNVD
added 2025/12/23 12:00 a.m., 2 views

WordPress plugin WPBulky SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress...

7.6 CVSS, 7.6 AI score, 0.00224 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/12/23 12:00 a.m., 2 views

OrangeScrum SQL injection vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a SQL injection vulnerability that stems from insufficient validation of parameter inputs such as oldprojectid, projectid, uuid,...

8.7 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 1, References: 4
CNNVD
added 2025/12/23 12:00 a.m., 4 views

SIGB PMB SQL injection vulnerability

SIGB PMB is an open source integrated library management system from SIGB. A SQL injection vulnerability exists in SIGB PMB version 7.4.6, which stems from insufficient sanitization of the id parameter in the ajax.php endpoint, which could lead to a SQL injection attack...

9.3 CVSS, 7.8 AI score, 0.00558 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2025/12/23 12:00 a.m., 6 views

PT-2025-52743

Name of the Vulnerable Software and Affected Versions: AutomatorWP versions through 5.2.4. Description: Improper neutralization of special elements used in an SQL command allows for SQL injection. The issue affects the AutomatorWP plugin. Recommendations: Update AutomatorWP to a version later than...

7.6 CVSS, 7.4 AI score, 0.00231 EPSS
Exploits: 0, References: 4
CNNVD
added 2025/12/23 12:00 a.m., 2 views

Coolify operating system command injection vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an unsanitized database name in the Database Backup feature and could lead ...

9.9 CVSS, 7.2 AI score, 0.0376 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2025/12/23 12:00 a.m., 2 views

PT-2025-52853

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.451. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. An authenticated command injection exists in the Database Import functionality, allowing users with...

9.9 CVSS, 8.7 AI score, 0.0376 EPSS
Exploits: 2, References: 12
CNNVD
added 2025/12/23 12:00 a.m., 3 views

Coolify operating system command injection vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an unsanitized database name in the Database Import feature and could lead ...

9.9 CVSS, 7.2 AI score, 0.0376 EPSS
Exploits: 2, References: 4
Positive Technologies
added 2025/12/23 12:00 a.m., 3 views

PT-2025-52851

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.451. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection issue exists in the Database Backup functionality for authenticated users with...

9.9 CVSS, 7.5 AI score, 0.0376 EPSS
Exploits: 1, References: 21