37 matches found
CVE-2025-48515
Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...
EUVD-2025-10350
Malicious code in bioql PyPI...
EUVD-2024-54518
Malicious code in bioql PyPI...
EUVD-2022-51386
Malicious code in bioql PyPI...
PT-2025-31498 · Code Projects · Vehicle Management
Name of the Vulnerable Software and Affected Versions: code-projects Vehicle Management version 1.0. Description: A critical issue exists in code-projects Vehicle Management 1.0. The manipulation of the company argument in the /updatebal.php file leads to SQL injection. This allows for remote...
CVE-2024-8855
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks...
CVE-2022-4307
The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege user such as an admin visits a page from the plugin...
CVE-2022-1123
The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks...
CVE-2024-9838
The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2025-2248
Summary (CVE-2025-2248) WP-PManager WordPress plugin (versions ≤ 1.2) exposes a SQL injection risk: a parameter is not sanitized/escaped before use in a SQL statement, enabling admin-level exploitation. The root cause is improper input handling in the plugin’s database query construction. Documen...
CVE-2024-11267 JSP Store Locator <= 1.0 - Contributor+ SQL Injection
The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing a user with Contributor privileges to perform SQL injection attacks...
CVE-2024-10009
The CVE-2024-10009 entry relates to the Melapress File Monitor WordPress plugin prior to version 2.1.0. The root cause is insufficient sanitization and escaping of a parameter used in an SQL statement, enabling an SQL injection attack by admins. Reported details across multiple sources confirm th...
CVE-2024-9770
The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2024-13668
The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins...
CVE-2024-52612 SolarWinds Platform Reflected Cross-Site Scripting Vulnerability
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by insufficient sanitization of input parameters. This vulnerability requires authentication by a high-privileged account to be exploitable...
CVE-2024-12772
The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability...
CVE-2024-12321 WC Affiliate <= 2.3.9 - Reflected XSS
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-50367
The CVE-2024-50367 affects Advantech EKI-6333AC-2G (<=1.6.3), EKI-6333AC-2GD (<=1.6.3), and EKI-6333AC-1GPO (
CVE-2023-5750
The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-3908
The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...