COMMAX Smart Home System SQL Injection Vulnerability
COMMAX Smart Home System is a smart home system from the Korean company COMMAX. A SQL injection vulnerability exists in COMMAX Smart Home System, which stems from a SQL injection issue in the id parameter of loginstart.asp, which could lead to authentication bypass...
PT-2025-49687
Name of the Vulnerable Software and Affected Versions: code-projects Employee Profile Management System version 1.0. Description: A flaw exists in the Employee Profile Management System that allows for remote code execution. The issue is located in the edit personnel.php file, specifically within an...
PT-2025-49770
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
PT-2025-49837
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system ticketinfo table to bypass license limitations without proper enforcement...
CVE-2025-63742
SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...
PT-2025-49867
CVE-2025-12807 A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints. https://t.co/lEhiHUNcHf...
PT-2025-50099
Name of the Vulnerable Software and Affected Versions: Xinhu Rainrock RockOA version 2.7.0. Description: A SQL Injection issue exists in the getselectdataAjax function within the inputAction.php file. This allows attackers to obtain sensitive information, including administrator accounts, password...
PT-2025-50212
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A SQL injection issue exists in the Student Management System due to the manipulation of the sy argument within the /promote.php file. This allows for remote attacks. The exploit h...
PT-2025-50238
Name of the Vulnerable Software and Affected Versions: COMMAX Smart Home System CDP-1020n (affected versions not specified). Description: The COMMAX Smart Home System is susceptible to a SQL injection issue. This allows attackers to circumvent authentication by injecting malicious SQL code through the...
CVE-2025-63740
SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter...
Analysis of the Security Design, Engineering, and Implementation of the SecureDNA System
We analyze security aspects of the SecureDNA system regarding its system design, engineering, and implementation. This system enables DNA synthesizers to screen order requests against a database of hazards. By applying novel cryptography, the system aims to keep order requests and the database of...
SAP Application Server for ABAP Security Vulnerability
SAP Enterprise Search for ABAP is an enterprise-level unified search software from SAP, a German company. A security vulnerability exists in SAP Enterprise Search for ABAP that stems from a lack of authorization checking and could lead to database table contents being read and exported...
SAP jConnect Code Issue Vulnerability
SAP jConnect is a database connectivity software from SAP, a German company. A code issue vulnerability exists in SAP jConnect that stems from a deserialization vulnerability that could lead to remote code execution...
itsourcecode Student Management System SQL Injection Vulnerability
itsourcecode Student Management System is an open source student management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Management System, which stems from a misuse of the parameter sy in the file /newschoolyear.php, which could lead to a...
OpenBMCS SQL Injection Vulnerability
OpenBMCS is a building management and control system from OpenBMCS Australia. A SQL injection vulnerability exists in OpenBMCS version 2.4, which stems from a SQL injection issue with the id parameter that could lead to the disclosure of database information...
Xinhu RockOA Security Vulnerability
Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the function getselectdataAjax on the parameter actstr in the file inputAction.php, which may lead to a SQL injection attack...
Vulnerability Scanning System
This is a Python web application built using the Flask framework, designed to scan Windows systems for vulnerabilities. The application has several features, including user authentication, task management, and vulnerability scanning. Here is a summary of the key points: User Authentication The...
CVE-2025-65548
NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and an attacker can exploit this vulnerability to fill the mint's db and disk with arbitrary da...
PYSEC-2025-89
NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and an attacker can exploit this vulnerability to fill the mint's db and disk with arbitrary da...