CVE-2025-58951 WordPress Advance Seat Reservation Management for WooCommerce plugin <= 3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Injection. This issue affects Advance Seat Reservation Management for WooCommerce: from n/a through <= 3.1...
CVE-2025-14314
CVE-2025-14314 affects Roxnor PopupKit's popup-builder-block in WordPress PopupKit (
Advantech WebAccess/SCADA
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to read or modify a remote database. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
EUVD-2025-204034
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
CVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
UBUNTU-CVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
CVE-2025-68462
CVE-2025-68462 affects Freedombox prior to 25.17.1. The vulnerability arises from improper permissions on the backups-data directory, which can allow reading of database dump files stored there. The CVSS baseline indicates a local attack with high complexity and no privileges required, yielding a...
EUVD-2023-60205
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
EUVD-2025-204012
A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/deletemanagerclinic.php. Performing manipulation of the argument clinic results in sql injection. The attack can be initiated remotely. The...
EUVD-2025-204021
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...
Google Pixel elevation of privilege vulnerability (CNVD-2026-0269521)
Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause local elevation of privilege...
CVE-2025-63948
CVE-2025-63948 describes a SQL Injection in phpMsAdmin 2.2, triggered by the unfiltered dbname parameter in the file database_mode.php. The vulnerability allows an attacker to execute arbitrary SQL commands, potentially leading to information disclosure or database manipulation. Affected softwar...
CVE-2025-63947
PHPMsAdmin 2.2 contains a reflected XSS in database_mode.php via the dbname parameter after authentication. The flaw allows execution of arbitrary script/HTML in the user context. Root cause: unfiltered dbname input. Impact is XSS with low confidentiality/integrity impact per provided metrics; no...
Linux Distros Unpatched Vulnerability : CVE-2025-68462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. CVE-2025-68462 Note...
PT-2025-52260
Name of the Vulnerable Software and Affected Versions Campcodes Supplier Management System version 1.0 Description A flaw exists in Campcodes Supplier Management System version 1.0 that allows for remote SQL injection. The issue is located in the file /admin/add retailer.php and involves...
PT-2025-52279
Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A flaw exists in SourceCodester Client Database Management System 1.0 within the Leads Generation Module. The issue affects the file /user leads.php and allows for...
CVE-2025-63947
A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated...
PT-2025-52343
Name of the Vulnerable Software and Affected Versions phpMsAdmin version 2.2 Description A Reflected Cross-Site Scripting (XSS) issue exists in the database_mode.php file. After a user is authenticated, an attacker can execute arbitrary web script or HTML via the dbname parameter. Recommendations...