CVE-2025-42943

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...

CVE-2025-42943 Information Disclosure in SAP GUI for Windows

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...

编号撤回

ring is a library by Brian Smith, an individual developer. This CVE number has been withdrawn...

CVE-2025-8806

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate...

CVE-2025-8806 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 treeData sql injection

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate...

CVE-2025-8806 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 treeData sql injection

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate...

Linux Distros Unpatched Vulnerability : CVE-2023-23599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands t...

PT-2025-32480 · Zhilink 智互联(深圳)科技有限公司 · Adp Application Developer Platform

Name of the Vulnerable Software and Affected Versions: zhilink 智互联深圳科技有限公司 ADP Application Developer Platform version 1.0.0 Description: A critical issue exists in the zhilink 智互联深圳科技有限公司 ADP Application Developer Platform. The vulnerability is due to a SQL injection that can be triggered by...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2024 CPU plus...

How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes

SQL Injection SQLi , a vulnerability almost as old as database-driven web applications themselves CWE-89, persists as a classic example of failing to neutralize user-supplied input before it's used in a SQL query. So why does this well-understood vulnerability type continue to exist? In the...

WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.4.8 - Authenticated (Author+) SQL Injection vulnerability

Authenticated Author+ SQL Injection vulnerability discovered by Kenneth Billones in WordPress Plugin Filebird versions = 6.4.8...

WordPress Campus Directory plugin <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via noaccessmsg Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Campus Directory versions = 1.9.1...

@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers

Summary A critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox safe-eval-like implementation. Due to improper...

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

Malicious code in support-developer (PyPI)

--- -= Per source details. Do not edit below this line.=-...

WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin Easy Elementor Addons versions = 2.2.6...

WordPress JetTabs Plugin plugin <= 2.2.9.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetTabs versions = 2.2.9.1...

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...