
12 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-16990

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00202
Exploits: 0, References: 2
Vulnrichment
added 2025/08/05 12:3 a.m., 4 views

CVE-2025-54865 Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed...

CVSS: 7.3, AI score: 6.9, EPSS: 0.00358
Exploits: 1, References: 2
CVE
added 2025/06/05 1:20 p.m., 64 views

CVE-2025-27753

CVE-2025-27753 affects RSJoomla! RSMediaGallery component for Joomla, versions 1.7.4 through 2.1.6. Root cause: unescaped user-supplied parameters used directly in SQL queries within the dashboard component, enabling authenticated attackers to inject SQL code. Effects include unauthorized databas...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00202
Exploits: 0, References: 1
Veracode
added 2025/04/29 4:19 a.m., 12 views

SQL Injection

@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, which allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...

CVSS: 8, AI score: 7.9, EPSS: 0.00432
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2025/04/18 11:15 a.m., 5 views

SQL Injection

crud-query-parser is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of the order/sort parameter. Specifically, it occurs because there is no property filter setup when using the TypeORM adapter with ordering enabled, allowing an attacker to inject malicious SQL...

CVSS: 9.3, AI score: 7.4, EPSS: 0.0029
Exploits: 0, References: 1, Affected Software: 1
Veracode
added 2025/02/03 3:57 a.m., 6 views

SQL Injection

snowflakeconnectorpython is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in a function from the snowflake.connector.pandastools module, allowing malicious SQL code to be injected and executed...

CVSS: 7, AI score: 7.8, EPSS: 0.00288
Exploits: 1, References: 6, Affected Software: 1
Cvelist
added 2025/02/03 12:0 a.m., 9 views

CVE-2024-57238

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/procget endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the orderby parameter...

EPSS: 0.00296
Exploits: 0, References: 2
Veracode
added 2024/07/10 7:36 a.m., 7 views

SQL Injection

zendframework/zendframework1 is vulnerable to SQL Injection. The vulnerability is due to the improper handling of SQL expressions and comments in the ORDER BY and GROUP BY clauses. Attackers can exploit this vulnerability by injecting malicious SQL code that can alter the intended SQL query and...

AI score: 8.2
Exploits: 0
Veracode
added 2023/12/28 8:43 a.m., 34 views

SQL Injection

Cacti is vulnerable to SQL Injection. The vulnerability is due to a lack of input sanitization in the pollers.php script. This allows an attacker to potentially execute malicious SQL code, resulting in a SQL injection...

CVSS: 8.8, AI score: 7.3, EPSS: 0.84628
Exploits: 4, References: 6, Affected Software: 1
CNVD
added 2023/08/14 12:0 a.m., 18 views

Hospital Management System SQL Injection Vulnerability (CNVD-2023-64629)

A Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...

CVSS: 9.8, AI score: 7.8, EPSS: 0.00815
Exploits: 1, References: 1
exploitpack
added 2003/12/01 12:0 a.m., 40 views

Virtual Programming VP-ASP 4.005.00 - shopdisplayproducts.asp SQL Injection

Source: https://www.securityfocus.com/bid/9134/info

It has been reported that VP-ASP may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL co...

AI score: 0.9
Exploits: 0
exploitpack
added 2003/11/03 12:0 a.m., 16 views

VieNuke VieBoard 2.6 - SQL Injection

Source: https://www.securityfocus.com/bid/8967/info

It has been reported that VieNuke VieBoard may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database...

AI score: 0.7
Exploits: 0