CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

CVE-2023-45347

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

EUVD-2014-2220

Malware in sbrugna...

EUVD-2021-0120

Malware in sbrugna...

EUVD-2020-7866

Malware in sbrugna...

EUVD-2006-3071

Malware in sbrugna...

EUVD-2022-41721

Malicious code in bioql PyPI...

EUVD-2023-27398

Malicious code in bioql PyPI...

EUVD-2023-45348

Malicious code in bioql PyPI...

EUVD-2023-49441

Malicious code in bioql PyPI...

EUVD-2023-45352

Malicious code in bioql PyPI...

Tenda G3 getsinglepppuser function buffer overflow vulnerability

Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, the vulnerability stems from the pPppUser parameter in the getsinglepppuser function fails to...

Sports Management System match.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/match.php. An attacker can exploit this vulnerabilit...

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

Local Services Search Engine Management System SQL Injection Vulnerability

Local Services Search Engine Management System is a local services search engine management system. Local Services Search Engine Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of the editid parameter in the file...

PT-2025-28219 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3 Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile funcionario.php endpoint is vulnerable due to the id funcionario parameter not being...

CVE-2024-1849

The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...

CVE-2024-29947

There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality...

CVE-2020-16192

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...