82159 matches found
CVE-2023-53734
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...
CVE-2025-12819
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. Mitigation: Mitigation for this issue is either not available or the...
CVE-2025-14104
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set-User-ID) login-utils utilities writing to the password database...
AZL-72307 CVE-2025-14104 affecting package util-linux for versions less than 2.37.4-10
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set-User-ID) login-utils utilities writing to the password database...
UBUNTU-CVE-2025-14104
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set-User-ID) login-utils utilities writing to the password database...
CVE-2025-14104 Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set-User-ID) login-utils utilities writing to the password database...
EUVD-2025-201450
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set-User-ID) login-utils utilities writing to the password database...
CVE-2025-14104
CVE-2025-14104 concerns a heap buffer overread in util-linux's setpwnam() when processing 256-byte usernames, affecting SUID login-utils that write to the password database. The vulnerability is exploitable locally with low privileges and can impact availability (high) and confidentiality (low); ...
CVE-2025-14104
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set-User-ID) login-utils utilities writing to the password database. Mitigation: Mitigation for this issue is either not...
Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database
An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
MCP Exploit-DB Server: An MCP (Model Context Protocol) server...
WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated SQL Injection via auction_id vulnerability
Unauthenticated SQL Injection via auction_id vulnerability discovered by type5afe in WordPress Plugin My auctions allegro (versions <= 3.6.32)...
CVE-2025-12850 My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
PT-2025-49230
Name of the Vulnerable Software and Affected Versions: My auctions allegro plugin for WordPress versions through 3.6.32. Description: The My auctions allegro plugin for WordPress is susceptible to SQL Injection via the auction_id parameter. Insufficient escaping of user-supplied input and a lack of...
WordPress plugin My auctions allegro SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform can be used to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL...
PHP-Guitar-Shop SQL injection vulnerability
PHP-Guitar-Shop is a guitar store website by the individual developer Konrad. PHP-Guitar-Shop suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter ID in the file /product.php, which could lead to a SQL injection attack...
wp_exploitation_framework
🚀 WordPress PWN Framework v5.0 - AI-Powered Edition...
CVE-2025-66237
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...