82192 matches found

EUVD
added 2025/12/16 12:23 a.m. | 5 views

EUVD-2025-203481

The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to t...

8.6 CVSS | 7.4 AI score | 0.06127 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2025/12/16 12:23 a.m. | 4 views

CVE-2025-67736

The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to t...

8.6 CVSS | 6 AI score | 0.06127 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2025/12/16 12:0 a.m. | 7 views

CVE-2025-65592

CVE-2025-65592 affects nopCommerce 4.90.0. The vulnerability is a Cross Site Scripting (XSS) issue in the product management functionality, where malicious payloads entered into the Product Name and Short Description fields are stored in the backend database and then executed when affected pages ...

6.1 CVSS | 5.6 AI score | 0.00218 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2025/12/16 12:0 a.m. | 3 views

WordPress Donation SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Donation suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping; no details of the vulnerability are provided at this time...

4.1 CVSS | 8.1 AI score | 0.00218 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/12/16 12:0 a.m. | 3 views

YAOOK Operator Security Vulnerability

YAOOK Operator is an automated control component for deploying and managing OpenStack cloud services from YAOOK Germany. A security vulnerability exists in YAOOK Operator, which stems from improperly configured replication security and could lead to the disclosure of database contents...

6.5 CVSS | 6.4 AI score | 0.00191 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/12/16 12:0 a.m. | 1 views

ChurchCRM SQL Injection Vulnerability

ChurchCRM is an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.5.0, which stems from a SQL injection issue in the EventEditor.php file, which could lead to the execution of arbitrary SQL queries...

7.2 CVSS | 7.9 AI score | 0.00347 EPSS
Exploits: 1 | References: 3

CNNVD
added 2025/12/16 12:0 a.m. | 1 views

WordPress plugin All In One SEO Pack Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...

8.5 CVSS | 7.5 AI score | 0.00253 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/12/16 12:0 a.m. | 4 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from sysfs changing group attribute ownership without checking visibility, which could result in a warning message...

6.2 AI score | 0.00155 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/12/16 12:0 a.m. | 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of an improper warning level, which can lead to misleading error messages...

6.1 AI score | 0.00173 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2025/12/16 12:0 a.m. | 5 views

PT-2025-51353

Name of the Vulnerable Software and Affected Versions: FreePBX tts module versions prior to 16.0.5; FreePBX tts module versions prior to 17.0.5. Description: The Text to Speech tts module for FreePBX, a web-based graphical user interface for Asterisk, contains a SQL injection flaw. Authenticated user...

8.6 CVSS | 7.9 AI score | 0.06127 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2025/12/16 12:0 a.m. | 2 views

PT-2025-51447

Name of the Vulnerable Software and Affected Versions: LambertGroup LBG Zoominoutslider versions through 5.4.5. Description: A flaw exists in LambertGroup LBG Zoominoutslider that allows for SQL Injection. This occurs due to improper neutralization of special elements used in an SQL command. The iss...

8.5 CVSS | 7.1 AI score | 0.00211 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/16 12:0 a.m. | 9 views

PT-2025-51446

Name of the Vulnerable Software and Affected Versions: Themefic Hydra Booking versions through 1.1.32. Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a SQL Injection issue. This allows for potential manipulation of databas...

8.5 CVSS | 7.4 AI score | 0.00286 EPSS
Exploits: 1 | References: 4

CNNVD
added 2025/12/16 12:0 a.m. | 4 views

WordPress plugin Newsletter SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injection...

7.6 CVSS | 7.5 AI score | 0.00358 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/12/16 12:0 a.m. | 2 views

WordPress plugin CountDown With Image or Video Background Security Vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...

8.5 CVSS | 7.4 AI score | 0.00205 EPSS
Exploits: 0 | References: 1

Packet Storm
added 2025/12/16 12:0 a.m. | 156 views

HighCMS 12.x SQL Injection

HighCMS version 12.x remote SQL injection proof of concept exploit written in Python. Title: HighCMS v12.x SQL Injection Exploit | Author: indoushka ...

8.2 AI score
Exploits: 0

Tenable Nessus
added 2025/12/16 12:0 a.m. | 5 views

SUSE SLES16 Security Update : keylime (SUSE-SU-2025:21194-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21194-1 advisory. Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing t...

8.2 CVSS | 6.1 AI score | 0.00365 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/12/15 11:7 p.m. | 2 views

EUVD-2025-203469

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

8.7 CVSS | 6.8 AI score | 0.0059 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/12/15 9:30 p.m. | 2 views

EUVD-2025-203439

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9 CVSS | 5.8 AI score | 0.00161 EPSS
Exploits: 0 | References: 2

NVD
added 2025/12/15 9:15 p.m. | 3 views

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.8 CVSS | 0.00385 EPSS
Exploits: 1 | References: 3

CVE
added 2025/12/15 8:28 p.m. | 7 views

CVE-2023-53877

CVE-2023-53877 affects Bus Reservation System 1.1. The vulnerability is a SQL injection in the pickup_id parameter, enabling attackers to manipulate database queries. Techniques cited: boolean-based, error-based, and time-based blind SQL injection to steal information from the database. Practic...

9.8 CVSS | 7.3 AI score | 0.00385 EPSS
Exploits: 1 | References: 3 | Affected Software: 1