CVE-2025-63740
SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter...
INF113-SQLINJECTION-CHALLENGE
INF113-SQLINJECTION-CHALLENGE You are a junior software engine...
CVE-2025-67517
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection. This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2...
CVE-2025-12807
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...
CVE-2025-40819
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...
CVE-2025-2296
A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation: To reduce the risk by disabling direct-boot mode, ensuring a...
CVE-2025-42891
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
EUVD-2025-202353
Malicious code in database-mongoose-kit npm...
Malicious code in database-mongoose-kit (npm)
Source: amazon-inspector df08b31cea7b04dc684cec25582ae2e1877edf126ed8b1963f77c87b4d93de08 The package database-mongoose-kit was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: database-mongoose-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-192398 Malicious code in database-mongoose-kit (npm)
Source: amazon-inspector df08b31cea7b04dc684cec25582ae2e1877edf126ed8b1963f77c87b4d93de08 The package database-mongoose-kit was found to contain malicious code. Source: ghsa-malware...
SQL Injection
Overview: langgraph-checkpoint-sqlite is a library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection due to untrusted metadata filter keys being directly used in SQL queries without proper validation. An attacker can acces...
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
Context: A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations...
PT-2025-50558
Name of the Vulnerable Software and Affected Versions: LangGraph versions 3.0.0 and below. Description: The LangGraph SQLite Checkpoint component, used for saving data with SQLite databases, has a flaw. Versions 3.0.0 and below are susceptible to SQL injection. This occurs because the metadata...
Huawei HarmonyOS Race Condition Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a race condition vulnerability, which originates in the audio module, and can be exploited by an attacker to affect...
SpinetiX Fusion Digital Signage Security Vulnerability
SpinetiX Fusion Digital Signage is a digital signage software from SpinetiX Switzerland. A security vulnerability exists in SpinetiX Fusion Digital Signage version 3.4.8, which originates from unauthorized access to the database backup directory and could lead to information disclosure...
Employee Profile Management System /view_personnel.php File SQL Injection Vulnerability
Employee Profile Management System is an employee profile management system. The Employee Profile Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter perid in the file /view_personnel.php. An...
Simple Shopping Cart adminlogin.php File SQL Injection Vulnerability
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminusername in the file /adminlogin.php. An attacker can exploit this...
Student Management System /newcurriculm.php File SQL Injection Vulnerability
Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /newcurriculm.php. An attacker can exploit this vulnerabili...
PT-2025-50516
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...