53 matches found

Vulnrichment
added 2026/06/04 11:14 a.m. | 8 views

CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8 CVSS | 5.9 AI score | 0.00302 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/03/16 7:19 p.m. | 21 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8 CVSS | 0.00276 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/16 12:00 a.m. | 3 views

PT-2026-25801

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date start and date end from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escape...

8.8 CVSS | 6 AI score | 0.00276 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/01 12:00 a.m. | 6 views

PT-2025-48447

Name of the Vulnerable Software and Affected Versions: Onaylarım versions 25.09.26.01 through 18112025. Description: An improper enforcement of behavioral workflow issue exists in Onaylarım. This allows for functionality misuse. Recommendations: Update Onaylarım to a version later than 18112025...

4.3 CVSS | 5.5 AI score | 0.00172 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-11280

Malicious code in bioql PyPI...

4.9 CVSS | 6.3 AI score | 0.00566 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/23 12:32 a.m. | 3 views

CVE-2025-10826 Campcodes Online Beauty Parlor Management System sales-reports-detail.php sql injection

A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launche...

6.5 CVSS | 6.7 AI score | 0.00351 EPSS
Exploits: 1 | References: 5
OSV
added 2025/08/14 6:52 p.m. | 3 views

MAL-2025-38289 Malicious code in via-date-range (npm)

The package via-date-range was found to contain malicious code...

7.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in via-date-range (npm)

The package via-date-range was found to contain malicious code...

7 AI score
Exploits: 0
Circl
added 2025/08/01 3:49 p.m. | 6 views

RHSA-2023:7656

creationtimestamp | type | source
---|---|---
2025-08-01 15:49:22+00:00 | seen | Telegram/vqMv-pw9KY3Z5TMAkCKFJ81O0KEk3Kk9SHClQG6teUoaj50
2025-08-02 14:50:53+00:00 | seen | Telegram/O48YTDst3MKwqXTmoA7eKUU-Al4YKF5xmz2EhGo0DjbdKvM
2025-08-02 17:49:06+00:00 | seen | ...

4.8 AI score
Exploits: 0
CNNVD
added 2025/06/12 12:00 a.m. | 3 views

GWE JEvents SQL injection vulnerability

GWE JEvents is a plugin from GWE UK for Joomla! A SQL injection vulnerability exists in GWE JEvents versions prior to 3.6.88 and 3.6.82.1, which stems from a SQL injection in the publicly accessible date range query function...

9.3 CVSS | 7.8 AI score | 0.00274 EPSS
Exploits: 0 | References: 3
OSV
added 2025/06/05 11:15 a.m. | 2 views

CVE-2025-5653

A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack c...

8.8 CVSS | 5.8 AI score | 0.00325 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/22 9:17 p.m. | 4 views

CVE-2021-32859

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

6.1 CVSS | 5.8 AI score | 0.00533 EPSS
Exploits: 1
OSV
added 2025/05/19 10:15 a.m. | 3 views

CVE-2025-4927

A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to...

9.8 CVSS | 5.8 AI score | 0.00415 EPSS
Exploits: 1 | References: 5
Circl
added 2024/12/23 12:00 a.m. | 9 views

CVE-2018-9205

creationtimestamp | type | source
---|---|---
2024-12-23 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2024-12-23
2025-02-02 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-02-02
2025-04-12 00:00:00+00:00 | seen | The Shadowserver...

7.5 CVSS | 7.1 AI score | 0.56924 EPSS
In wild | Exploits: 6 | References: 2
Cvelist
added 2024/12/05 10:55 a.m. | 30 views

CVE-2024-52270 PDF Document Spoofing in DropBox Sign(HelloSign)

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign (HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version; once downloaded, if printed (e.g. via Google Chrome), examine the print preview: Will render the vulnerability only...

8.2 CVSS | 0.00188 EPSS
Exploits: 0 | References: 6
OSV
added 2024/11/15 11:15 a.m. | 14 views

CVE-2023-2332

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

4.8 CVSS | 5.6 AI score
Exploits: 0 | References: 2
NVD
added 2024/11/15 11:15 a.m. | 147 views

CVE-2023-2332

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

4.8 CVSS | 0.00356 EPSS
Exploits: 1 | References: 2
Cvelist
added 2024/11/15 10:57 a.m. | 47 views

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

4 CVSS | 0.00356 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/11/15 10:57 a.m. | 12 views

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

4 CVSS | 4 AI score | 0.00356 EPSS
Exploits: 1 | References: 2
Citrix
added 2024/08/20 12:00 a.m. | 9 views

Failed to execute cmdlet "Export-LogReportCsv"

While running cmdlet "Export-LogReportCsv" and setting parameter "StartDateRange" before two weeks or more, "The remote server returned an unexpected response: 502 Bad Gateway" error may show as below. ----------- Export-LogReportCsv -OutputFile "C:\temp\CitrixConfigLog.csv" -StartDateRange...

7.1 AI score
Exploits: 0