TrueBooker <= 1.0.2 - SQL Injection

The TrueBooker Appointment Booking and Scheduler Plugin. plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

EUVD-2018-21920

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

CVE-2021-27139

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp...

Exploit for CVE-2026-3222

WP Maps Exploit - Time-Based Blind SQL Injection CVE-2026-32...

CVE-2019-25503 PHPads 2.0 SQL Injection via click.php3 bannerID

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...

PT-2026-5833

PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

CVE-2023-29116

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...

CVE-2019-16285

If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive...

CVE-2024-2831

The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Pervasive Vulnerability Analysis and Defense for QKD-Based Quantum Private Query

Quantum Private Query QPQ based on Quantum Key Distribution QKD is among the most practically viable quantum communication protocols, with application value second only to QKD itself. However, prevalent security vulnerabilities in the post-processing stages of most existing QKD-based QPQ protocol...

EUVD-2019-19371

Malware in sbrugna...

EUVD-2021-13906

Malware in sbrugna...

EUVD-2019-19360

Malware in sbrugna...

EUVD-2019-19366

Malware in sbrugna...

EUVD-2018-17780

Malware in sbrugna...

EUVD-2018-3786

Malware in sbrugna...

EUVD-2018-17781

Malware in sbrugna...

EUVD-2018-7486

Malware in sbrugna...

EUVD-2017-14698

Malware in sbrugna...