
54 matches found

Cvelist
added 5 days ago, 30 views

CVE-2026-12725 Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

CVSS 5.9, EPSS 0.00406
Exploits 0, References 2

CVE
added 5 days ago, 9 views

CVE-2026-12725

CVE-2026-12725 affects dnsmasq. The flaw is a heap-based buffer overflow in the log_query() path when DNSSEC validation and query logging are both enabled and DNS responses contain DS/DNSKEY records with unsupported algorithm or digest types. This can cause dnsmasq to write past the end of an int...

CVSS 5.9, AI score 6.1, EPSS 0.00406
Exploits 0, References 2

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-28884

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.5, EPSS 0.00435
Exploits 1, References 5

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-46637

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00484
Exploits 1, References 2

RedhatCVE
added 2025/09/25 2:54 a.m., 18 views

CVE-2025-10822

A vulnerability has been found in fuyanglipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and m...

CVSS 5.3, AI score 4.5, EPSS 0.00325
Exploits 1, References 1

Vulnrichment
added 2025/09/22 11:32 p.m., 4 views

CVE-2025-10822 fuyang_lipengjun platform queryAll SysSmsLogController improper authorization

A vulnerability has been found in fuyanglipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and m...

CVSS 5.3, AI score 6.3, EPSS 0.00325
Exploits 1, References 4

RedhatCVE
added 2025/09/10 5:29 a.m., 9 views

CVE-2025-10084

A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly...

CVSS 5.3, AI score 4.8, EPSS 0.00263
Exploits 0, References 1

Vulnrichment
added 2025/08/31 6:02 p.m., 9 views

CVE-2025-9740 code-projects Human Resource Integrated System log_query.php sql injection

A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /logquery.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVSS 7.5, AI score 6.6, EPSS 0.00435
Exploits 1, References 5

Cvelist
added 2025/08/31 6:02 p.m., 8 views

CVE-2025-9740 code-projects Human Resource Integrated System log_query.php sql injection

A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /logquery.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVSS 7.5, EPSS 0.00435
Exploits 1, References 5

CVE
added 2025/08/31 6:02 p.m., 19 views

CVE-2025-9740

CVE-2025-9740 affects code-projects Human Resource Integrated System 1.0. The vulnerability is in /log_query.php where manipulation of the ID parameter enables SQL injection, with remote exploitation and public availability of the exploit. Multiple sources corroborate the issue across vendors and...

CVSS 9.8, AI score 7.2, EPSS 0.00435
Exploits 1, References 5, Affected Software 1

CNNVD
added 2025/08/31 12:00 a.m., 4 views

Code-Projects Human Resource Integrated System Security Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /logquery.php. An attacker can exploit...

CVSS 9.8, AI score 8.1, EPSS 0.00435
Exploits 1, References 7

Positive Technologies
added 2025/08/31 12:00 a.m., 4 views

PT-2025-35421

Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A SQL injection issue exists in the /log query.php file. Manipulation of the ID argument can lead to SQL injection. The exploit has been made public and could be used to...

CVSS 9.8, AI score 7.5, EPSS 0.00435
Exploits 1, References 13

Tenable Nessus
added 2025/08/24 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-10204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query...

CVSS 9.8, AI score 8.7, EPSS 0.02082
Exploits 2, References 2

RedhatCVE
added 2025/05/23 4:58 a.m., 8 views

CVE-2023-39678

A cross-site scripting (XSS) vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

CVSS 6.1, AI score 5.8, EPSS 0.0037
Exploits 1, References 1

RedhatCVE
added 2025/05/23 4:19 a.m., 8 views

CVE-2023-42178

Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module...

CVSS 6.5, AI score 8.1, EPSS 0.00484
Exploits 1

Akamai Blog
added 2025/01/24 2:00 p.m., 8 views

Exploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query

A vulnerability in Kubernetes allows remote code execution. Read how abusing Log Query can lead to a complete takeover of all Windows nodes in a cluster...

AI score 8.1
Exploits 0

Akamai Blog
added 2025/01/24 2:00 p.m., 2 views

Exploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query

A vulnerability in Kubernetes allows remote code execution. Read how abusing Log Query can lead to a complete takeover of all Windows nodes in a cluster...

AI score 8.1
Exploits 0

OSV
added 2023/09/14 4:15 p.m., 4 views

CVE-2023-42178

Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module...

CVSS 6.5, AI score 5.8, EPSS 0.00484
Exploits 1, References 2

NVD
added 2023/09/14 4:15 p.m., 16 views

CVE-2023-42178

Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module...

CVSS 6.5, AI score 6.9, EPSS 0.00484
Exploits 1, References 2

ATTACKERKB
added 2023/09/14 4:15 p.m., 4 views

CVE-2023-42178

Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module...

CVSS 6.5, AI score 5.9, EPSS 0.00484
Exploits 1, References 3