11 matches found
PT-2026-5854
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
PT-2026-2370
Name of the Vulnerable Software and Affected Versions: VIAVIWEB Wallpaper Admin version 1.0. Description: The software contains an SQL injection issue that allows authenticated attackers to manipulate database queries. Attackers can inject SQL code through the img id parameter. Specifically, sending...
EUVD-2025-5911
Malicious code in bioql PyPI...
CVE-2025-9172
The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
zip
This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...
WordPress LayerSlider Plugin: SQL Injection Vulnerability
On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugin has more than 10 lakh active installations. This flaw, rated with a CVSS score of 7.5 out of 10.0, is identified as an SQL injection vulnerability...
PYSEC-2023-290
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...
UBUNTU-CVE-2022-45748
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...
Safari Credential Gatherer
This module searches for Safari credentials on a Windows host. Module Options msf use post/windows/gather/credentials/safari msf postsafari show actions ...actions... msf postsafari set ACTION msf postsafari show options ...show and set options... msf postsafari run This module requires Metasploi...
Stash 1.0.3 - SQL Injection User Credentials Disclosure
#!/usr/bin/perl -w User credentials disclosure exploit - stash103exp.pl Gnix http://gnix.netsons.org This exploit uses an SQL Injection in the file admin/login.php to bypass the login, and then an SQL Injection in the admin/news.php to extract...