82159 matches found
CVE-2025-67516 WordPress Store Locator WordPress plugin <= 1.6.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through <= 1.6.2...
CVE-2025-67518 WordPress Accordion Slider PRO plugin <= 1.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Blind SQL Injection. This issue affects Accordion Slider PRO: from n/a through <= 1.2...
Security Bulletin: IBM Edge Data Collector uses django-4.2.24-py3-none-any.whl which is vulnerable to CVE-2025-59681, CVE-2025-59682.
Summary: IBM Edge Data Collector uses django-4.2.24-py3-none-any.whl which is vulnerable to CVE-2025-59681, CVE-2025-59682. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-59681 DESCRIPTION: An issue was discovered in Django 4.2 before 4.2.25,...
CVE-2025-12807 FactoryTalk® DataMosaix™ Private Cloud SQL Injection
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...
CVE-2025-40819
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...
CVE-2025-14254
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-14255
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-14216
A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. Manipulation of the argument ID causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclos...
CVE-2025-14209
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. Manipulation of the argument studid causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
CVE-2025-14285
Code-projects Employee Profile Management System 1.0 is affected by a SQL injection in edit_personnel.php via the per_id parameter. The flaw enables remote exploitation and has publicly available exploits; multiple sources corroborate the issue. There are no product-specific patch details in the p...
SUSE CVE-2025-40297
In the Linux kernel, the following vulnerability has been resolved: "net: bridge: fix use-after-free due to MST port state bypass". syzbot reported [1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...
CVE-2025-63740
CVE-2025-63740: SQL injection in Xinhu Rainrock RockOA 2.7.0, via function getselectdataAjax in inputAction.php (parameter: actstr). Impact includes administrator accounts, password hashes, and database structure. Root cause: improper handling of the actstr parameter leading to data disclosure. ...
CVE-2025-63742
Xinhu Rainrock RockOA 2.7.0 is identified as vulnerable to a SQL injection in function setwxqyAction of webmain/task/api/loginAction.php, exploitable via the shouji and userid parameters. The issue could reveal administrator accounts, password hashes, database structure, and other sensitive data....
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from erroneous data leading to an infinite loop...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper use of hmm_pfn_to_map_order, which could lead to memory mapping errors...
Xinhu RockOA security vulnerability
Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the function setwxqyAction in the file webmain/task/api/loginAction.php on the parameters shouji and userid, which could lead...
Open Solutions For Education openSIS security vulnerability
Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, USA. A security vulnerability exists in Open Solutions For Education openSIS version 9.2 and prior versions, which stems from improper access control and could lead to...