Lucene search

52 matches found

Cvelist
added 2026/03/16 7:19 p.m., 18 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date_start and date_end from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escape_strin...

CVSS 8.8, EPSS 0.00043
Exploits: 0, References: 2
Positive Technologies
added 2026/03/16 12:0 a.m., 1 view

PT-2026-25801

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date_start and date_end from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escape...

CVSS 8.8, AI score 6, EPSS 0.00043
Exploits: 0, References: 2
Positive Technologies
added 2025/12/01 12:0 a.m., 2 views

PT-2025-48447

Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse. This issue affects Onaylarım: from 25.09.26.01 through 18112025...

CVSS 3.5, AI score 6.9, EPSS 0.00016
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-11280

Malicious code in bioql PyPI...

CVSS 4.9, AI score 6.3, EPSS 0.00501
Exploits: 0, References: 2
Vulnrichment
added 2025/09/23 12:32 a.m., 3 views

CVE-2025-10826 Campcodes Online Beauty Parlor Management System sales-reports-detail.php sql injection

A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launche...

CVSS 6.5, AI score 6.7, EPSS 0.00044
Exploits: 1, References: 5
OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-38289 Malicious code in via-date-range (npm)

The package via-date-range was found to contain malicious code...

AI score 7.2
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in via-date-range (npm)

The package via-date-range was found to contain malicious code...

AI score 7
Exploits: 0
Circl
added 2025/08/01 3:49 p.m., 2 views

RHSA-2023:7656

creationtimestamp | type | source
---|---|---
2025-08-01 15:49:22+00:00 | seen | Telegram/vqMv-pw9KY3Z5TMAkCKFJ81O0KEk3Kk9SHClQG6teUoaj50
2025-08-02 14:50:53+00:00 | seen | Telegram/O48YTDst3MKwqXTmoA7eKUU-Al4YKF5xmz2EhGo0DjbdKvM
2025-08-02 17:49:06+00:00 | seen | ...

AI score 4.8
Exploits: 0
CNNVD
added 2025/06/12 12:0 a.m., 2 views

GWE JEvents SQL injection vulnerability

GWE JEvents is a plugin from GWE UK for Joomla! A SQL injection vulnerability exists in GWE JEvents versions prior to 3.6.88 and 3.6.82.1, which stems from a SQL injection in the publicly accessible date range query function...

CVSS 9.3, AI score 7.8, EPSS 0.00224
Exploits: 0, References: 3
OSV
added 2025/06/05 11:15 a.m., 0 views

CVE-2025-5653

A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack c...

CVSS 8.8, AI score 5.8, EPSS 0.00197
Exploits: 1, References: 5
RedhatCVE
added 2025/05/22 9:17 p.m., 2 views

CVE-2021-32859

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

CVSS 6.1, AI score 5.8, EPSS 0.00195
Exploits: 1
OSV
added 2025/05/19 10:15 a.m., 0 views

CVE-2025-4927

A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 5
Circl
added 2024/12/23 12:0 a.m., 6 views

CVE-2018-9205

creationtimestamp | type | source
---|---|---
2024-12-23 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2024-12-23
2025-02-02 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-02-02
2025-04-12 00:00:00+00:00 | seen | The Shadowserver...

CVSS 7.5, AI score 7.1, EPSS 0.81446
In wild, Exploits: 6
Cvelist
added 2024/12/05 10:55 a.m., 17 views

CVE-2024-52270 PDF Document Spoofing in DropBox Sign (HelloSign)

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign (HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...

CVSS 8.2, EPSS 0.00078
Exploits: 0, References: 6
OSV
added 2024/11/15 11:15 a.m., 10 views

CVE-2023-2332

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVSS 4.8, AI score 5.6
Exploits: 0, References: 2
NVD
added 2024/11/15 11:15 a.m., 50 views

CVE-2023-2332

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVSS 4.8, EPSS 0.00003
Exploits: 1, References: 2
Cvelist
added 2024/11/15 10:57 a.m., 16 views

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVSS 4, EPSS 0.00003
Exploits: 1, References: 2
Vulnrichment
added 2024/11/15 10:57 a.m., 10 views

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVSS 4, AI score 4, EPSS 0.00003
Exploits: 1, References: 2
Citrix
added 2024/08/20 12:0 a.m., 5 views

Failed to execute cmdlet "Export-LogReportCsv"

While running cmdlet "Export-LogReportCsv" and setting parameter "StartDateRange" before two weeks or more, "The remote server returned an unexpected response: 502 Bad Gateway" error may show as below.
-----------
Export-LogReportCsv -OutputFile "C:\temp\CitrixConfigLog.csv" -StartDateRange...

AI score 7.1
Exploits: 0
Circl
added 2024/01/31 8:1 a.m., 1 view

CVE-2019-8822

creationtimestamp | type | source
---|---|---
2024-01-31 08:01:48+00:00 | seen | https://t.me/ctinow/176531
2024-01-31 09:41:57+00:00 | seen | https://t.me/ctinow/176592
2024-01-31 10:36:48+00:00 | seen | https://t.me/ctinow/176628
2024-01-31 16:42:00+00:00 | seen | https://t.me/ctinow/176867
2024-01-31...

CVSS 8.8, AI score 6.1, EPSS 0.01123
Exploits: 0, References: 6