EUVD-2025-34103
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
PT-2025-41826
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager (affected versions not specified). Description: A SQL injection issue exists in Ivanti Endpoint Manager. A remotely authenticated attacker can potentially read arbitrary data from the database. The issue allows for...
PT-2025-41832
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager (affected versions not specified). Description: A SQL injection issue exists in Ivanti Endpoint Manager. A remotely authenticated attacker can potentially read arbitrary data from the database. The issue allows unauthorized...
CVE-2025-40885
CVE-2025-40885 is an authenticated SQL Injection vulnerability in Nozomi Networks Guardian/CMC Smart Polling functionality caused by improper input validation. An authenticated user with limited privileges can cause the DBMS to execute arbitrary SELECT statements, potentially exposing data. Affec...
EUVD-2017-11168
Malware in sbrugna...
EUVD-2011-1438
Malware in sbrugna...
EUVD-2025-11407
Malicious code in bioql PyPI...
EUVD-2023-53172
Malicious code in bioql PyPI...
EUVD-2024-48082
Malicious code in bioql PyPI...
EUVD-2022-1831
Malicious code in bioql PyPI...
EUVD-2022-35052
Malicious code in bioql PyPI...
Exploit-Notes
Exploit Notes is sticky notes for pentesting...
CVE-2025-59743
AndSoft e-TMS v25.03 suffers an SQL injection via the SessionID cookie in /inc/connect/CONNECTION.ASP, allowing retrieval, creation, update, and deletion of databases through POST requests. Multiple sources (NVD/CNVD/CVELIST/CNNVD) confirm the vulnerability in this version, with high CRITICAL ris...
CVE-2025-57516
OS command injection vulnerability in PublicCMS PublicCMS-V5.202506.a and PublicCMS-V5.202506.b, allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat file...
SUSE-SU-2025:20754-1 Security update for aide
This update for aide fixes the following issues: CVE-2025-54389: Fixed improper output neutralization (bsc1247884); CVE-2025-54409: Fixed null pointer dereference after reading incorrectly encoded xattr attributes from database (bsc1247885)...
SUSE-SU-2025:20657-1 Security update for aide
This update for aide fixes the following issues: CVE-2025-54389: Escape control characters in report and log output (bsc1247884); CVE-2025-54409: Fix null pointer dereference after reading incorrectly encoded xattr attributes from database (bsc1247885)...
AIDE null pointer dereference when reading incorrectly encoded xattr attributes from database (local DoS)
ROS-20250904-07
A vulnerability in Tarantool, an in-memory computing platform consisting of a database and an application server, is associated with a reachable assertion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
MGASA-2025-0224 Updated aide packages fix vulnerabilities
Improper output neutralization (potential AIDE detection bypass). (CVE-2025-54389) Null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS). (CVE-2025-54409)...
CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...