EUVD-2025-202873

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-14529 Campcodes Retro Basketball Shoes Online Store admin_running.php sql injection

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/adminrunning.php. This manipulation of the argument pid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

CVE-2025-14529 Campcodes Retro Basketball Shoes Online Store admin_running.php sql injection

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/adminrunning.php. This manipulation of the argument pid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

CVE-2025-14527

A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /viewbook.php. Executing a manipulation of the argument bookid can lead to sql injection. The attack can be executed remotely. The exploit has been made...

CVE-2025-14527 projectworlds Advanced Library Management System view_book.php sql injection

A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /viewbook.php. Executing a manipulation of the argument bookid can lead to sql injection. The attack can be executed remotely. The exploit has been made...

GHSA-9449-RPHM-MJQR AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...

CVE-2025-14515

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addunit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-14515 Campcodes Supplier Management System add_unit.php sql injection

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addunit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-14514 Campcodes Supplier Management System add_distributor.php sql injection

A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/adddistributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

CVE-2025-14514

Campcodes Supplier Management System 1.0 contains a SQL injection flaw in the /admin/add_distributor.php handler. The vulnerability is triggered by manipulating txtDistributorAddress, enabling remote exploitation. The attack can be initiated remotely and an exploit has been published, per multipl...

EUVD-2025-202655

Not used...

CVE-2025-10163

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2025-13677

The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...

SUSE CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

Purei CMS SQL注入漏洞

Purei CMS is a content management system from the Dutch company Purei. A SQL injection vulnerability exists in Purei CMS version 1.0, which originates from a blind time-based SQL injection of unfiltered user input parameters, which could lead to the disclosure or tampering of database information...

Opensolution Quick.Cms SQL注入漏洞

Opensolution Quick.Cms is a website builder for building text management platforms from Opensolution Poland. An SQL injection vulnerability exists in Opensolution Quick.Cms version 6.7, which stems from an SQL injection in the login form that could lead to unauthorized administrator access...

xbtitFM SQL注入漏洞

xbtitFM is a BitTorrent tracker software by the individual developer of xbtitFM. An SQL injection vulnerability exists in xbtitFM version 4.1.18, which stems from an SQL injection in the msgid parameter that could lead to the extraction of database credentials...

langgraph SQL注入漏洞

langgraph is a large modeling framework open source by LangChain. An SQL injection vulnerability exists in langgraph 3.0.0 and earlier versions, which stems from an unvalidated metadata filter key that could lead to an SQL injection attack...