82171 matches found
Sunbird Power IQ security vulnerability
Sunbird Power IQ is a data center infrastructure management software from Sunbird, USA. A security vulnerability exists in Sunbird Power IQ version 9.2.0 that stems from an outdated API endpoint that does not properly validate input and could lead to manipulation of SQL queries...
NEWS-BUZZ security vulnerability
NEWS-BUZZ is a news management system by ANIRBAN DUTTA Individual Developer that allows users to publish and manage a variety of news content. A security vulnerability exists in NEWS-BUZZ version v.1.0, which stems from vulnerability to SQL injection attacks and may lead to the execution of...
PT-2025-51182
A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be...
CVE-2025-66435
An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (contract_terms) using frappe.render_template with a user-supplied context (doc). Although Frappe uses a custom...
CVE-2025-66438
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...
PT-2025-51259
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext versions through 15.89.0. Description: A Server-Side Template Injection (SSTI) issue exists in the Print Format rendering mechanism. The frappe.www.printview.get_html_and_style API triggers the rendering of the html field inside a...
PT-2025-51261
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext versions through 15.89.0. Description: A SQL injection issue exists in Frappe ERPNext. The get_outstanding_reference_documents function within the erpnext/accounts/doctype/payment_entry/payment_entry.py file is susceptible to...
CVE-2025-66438
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...
PT-2025-51260
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext versions through 15.89.0. Description: An issue exists in Frappe ERPNext that allows an attacker to extract arbitrary data from the database. The get_outstanding_reference_documents function, located at...
CVE-2025-66438
CVE-2025-66438 describes a Server-Side Template Injection in Frappe ERPNext up to version 15.89.0, exploiting the Print Format rendering workflow. An authenticated attacker with permissions to create/modify a Print Format can inject arbitrary Jinja expressions into the html field. Saving the mali...
How-to Restore Lost Access to Cache Database After Using Custom SSL Certificate
Article Applicability This article is relevant only if the Veeam ONE deployment uses a custom SSL certificate, and not the one generated by the Veeam ONE installer. The error shown in the challenge section can also occur if the Veeam ONE Caching Service cannot access the PostgreSQL instance that...
openSUSE Security Advisory (SUSE-SU-2025:4384-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Updates for Microsoft JDBC driver for MSSQL (October 2025)
The Microsoft JDBC driver for MSSQL installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user...
EUVD-2025-203306
A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=systeminfo. Such manipulation of the argument metavalue leads to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2025-14621
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php. The manipulation of the argument userid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...
CVE-2025-14667 itsourcecode COVID Tracking System page sql injection
A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=systeminfo. Such manipulation of the argument metavalue leads to sql injection. The attack may be performed from remote. The exploit has been...
EUVD-2025-203300
A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the publ...
Exploit for CVE-2023-12345
Exploit-DB MCP Server for Pentesting A Model Context Protocol...
CVE-2025-14661
A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the publ...
EUVD-2025-203293
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...