82192 matches found
CVE-2025-34179
NetSupport Manager 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI...
CVE-2025-14780 Xiongwei Smart Catering Cloud Platform dish_trade_detail_get sql injection
A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of the argument filter results in SQL injection. The attack can be executed remotely. The exploit is now...
Exploit for SQL Injection in Fortinet Fortiweb
CVE-2025-25257 - Experimentation Environment Architecture...
EUVD-2025-203551
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows SQL Injection. This issue affects LBG Zoominoutslider: from n/a through <= 5.4.5...
CVE-2025-67999
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection. This issue affects Newsletter: from n/a through <= 9.0.9...
CVE-2025-68056 WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows SQL Injection. This issue affects LBG Zoominoutslider: from n/a through <= 5.4.4...
CVE-2025-68054 WordPress CountDown With Image or Video Background plugin <= 1.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdownwithbackground allows Blind SQL Injection. This issue affects CountDown With Image or Video Background: from n/a through <= 1.5...
CVE-2025-68055
CVE-2025-68055 - WordPress Hydra Booking plugin
CVE-2025-68055 WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection. This issue affects Hydra Booking: from n/a through <= 1.1.32...
CVE-2025-67999
Technical details for CVE-2025-67999 are not provided in the supplied documents. Monitor for updates; the materials do not specify affected product versions, impact, or remediation.
CVE-2025-67950
CVE-2025-67950 affects the WordPress All In One SEO Pack plugin (versions up to 4.9.1). The Red Hat/NVD/Patchstack entries describe an SQL injection vulnerability due to improper input handling that enables blind SQL injection with authenticated access (Contributor+) and high impact (C/H/I/H/A). ...
CVE-2025-67751
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the EN_tyid POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-14758
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
EUVD-2025-203486
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the EN_tyid POST parameter is not sanitized. This allows an authenticated user with event managemen...
EUVD-2025-203480
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
CVE-2025-14758 Initialization of a Resource with an Insecure Default in YAOOK
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...
CVE-2025-14758
The CVE-2025-14758 entry concerns the YAOOK Operator’s infra-operator, where a misconfiguration in the replication security of the MariaDB component could allow an on-path attacker to read database contents, potentially including credentials. This is documented across multiple feeds (NVD, Red Hat...
CVE-2025-66434
An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (body_text) using frappe.render_template with a user-supplied context (doc). Although Frappe uses a custom...
CVE-2025-66438
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style triggers the rendering of the html field inside a Print Format document using frappe.render_template(template...
CVE-2025-66440
An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents at erpnext/accounts/doctype/payment_entry/payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...