CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

EUVD-2025-201280

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVE-2025-66237

CVE-2025-66237 affects Sunbird DCIM dcTrack and related platforms, where default and hard-coded credentials enable an authenticated attacker to administer the database, escalate privileges on the platform, or execute system commands on the host. Multiple sources confirm the existence of hard-code...

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVE-2025-13788

A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVE-2025-14012

In JIZHICMS up to version 2.5.5, the Batch Delete Comments component exposes an SQL injection through the file /index.php/admins/Comment/deleteAll.html via the functions deleteAll, findAll, and delete. The issue is triggered by manipulated input and can be exploited remotely. Public exploit infor...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 24, 2025 to November 30, 2025)

Last week, there were 126 vulnerabilities disclosed in 113 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 60 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Canadian police trialling facial recognition bodycams

A municipal police force in Canada is now using facial recognition bodycams, it was revealed this week. The police service in the prairie city of Edmonton is trialling technology from US-based Axon, which makes products for the military and law enforcement. Up to 50 officers are taking part in th...

Canadian police trialing facial recognition bodycams

A municipal police force in Canada is now using facial recognition bodycams, it was revealed this week. The police service in the prairie city of Edmonton is trialing technology from US-based Axon, which makes products for the military and law enforcement. Up to 50 officers are taking part in the...

Exploit for CVE-2025-55182

🔍 Phoenix SCA Scanner - Universal - Version for CVE-2025-55182...

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-980402)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

Sunbird DCIM dcTrack 信任管理问题漏洞

Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM, Inc. A trust management issue vulnerability exists in Sunbird DCIM dcTrack that stems from the use of default and hard-coded credentials, which could lead to database management or system command execution...

PT-2025-49147

Name of the Vulnerable Software and Affected Versions dcTrack affected versions not specified Description dcTrack platforms are susceptible to unauthorized access due to the use of default and hard-coded credentials. An attacker gaining access through these credentials could administer the...

PT-2025-49129

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...

CVE-2025-62173 Authenticated SQL Injection in Endpoint Module Rest API

Summary Authenticated SQL Injection Vulnerability in Endpoint Module Rest API...

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

CVE-2025-64298

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

DEBIAN-CVE-2025-12819

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...