59 matches found
CVE-2025-10187 GSpeech TTS – WordPress Text To Speech Plugin <= 3.17.13 - Authenticated (Admin+) SQL injection
The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2025-11912
A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...
CVE-2025-11911
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...
EUVD-2011-4855
Malware in sbrugna...
EUVD-2013-0325
Malware in sbrugna...
EUVD-2017-3199
Malware in sbrugna...
EUVD-2025-32540
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API...
EUVD-2025-32047
Malicious code in bioql PyPI...
CVE-2025-56588
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...
Dolibarr vulnerable to RCE via the computed field parameter
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...
GHSA-27HJ-48R9-X2VX Dolibarr vulnerable to RCE via the computed field parameter
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...
CVE-2025-56588
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...
UBUNTU-CVE-2025-56588
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...
CVE-2025-56588
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...
Dolibarr ERP & CRM 安全漏洞
Dolibarr ERP & CRM is an enterprise management software from Dolibarr Open Source. A security vulnerability exists in Dolibarr ERP & CRM version 21.0.1 due to a remote code execution vulnerability in the computed field parameter of the User module configuration...
CVE-2025-56588
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...
CVE-2025-29181
FOXCMS = V1.25 is vulnerable to SQL Injection via $param'title' in /admin/util/Field.php...
FoxCMS 安全漏洞
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.25 and previous versions of SQL injection vulnerability, the vulnerability stems from /admin/util/Field.php $param title parameter lack of validation of external input SQL statements. An attacker...
WordPress plugin Categorized Gallery Plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2024-31902 · Unknown · Scriptcase
Name of the Vulnerable Software and Affected Versions: Scriptcase versions 9.10.023 and earlier Description: The issue is related to Cross Site Scripting XSS in the nm cor.php file, specifically via the form and field parameters. This allows for potential malicious script injection...