CVE-2025-40639

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

EUVD-2025-208400

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVE-2025-40639 SQL injection in Eventobot

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

CVE-2025-40639

CVE-2025-40639 — Eventobot SQL injection is confirmed by connected sources. The vulnerability affects Eventobot and is exploitable via the promo_send parameter in the /assets/php/calculate_discount.php endpoint. The underlying issue allows an attacker to perform SQL operations including retrieve,...

PT-2026-24051

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo send' parameter in the '/assets/php/calculate discount.php'...

Eventobot SQL注入漏洞

Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a SQL injection vulnerability, which stems from insufficient cleaning and escaping of the promosend parameter. This vulnerability may lead to SQL injection attacks...

CVE-2026-1277

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Promo versions = 1.3.0...

EUVD-2025-27936

Malicious code in bioql PyPI...

EUVD-2024-41426

Malicious code in bioql PyPI...

Malicious code in raid-shadow-legends-promo-codes288 (npm)

The package raid-shadow-legends-promo-codes288 was found to contain malicious code...

MAL-2025-45752 Malicious code in raid-shadow-legends-promo-codes288 (npm)

The package raid-shadow-legends-promo-codes288 was found to contain malicious code...

Malicious code in a2z-promo-tool (npm)

The package a2z-promo-tool was found to contain malicious code...

Malicious code in raid-shadow-legends-promo-codes286 (npm)

The package raid-shadow-legends-promo-codes286 was found to contain malicious code...

MAL-2025-35743 Malicious code in test-mlw2-manet-promo (npm)

The package test-mlw2-manet-promo was found to contain malicious code...

MAL-2025-23431 Malicious code in islands-promo (npm)

The package islands-promo was found to contain malicious code...

Malicious code in test-mlw2-manet-promo (npm)

The package test-mlw2-manet-promo was found to contain malicious code...

MAL-2025-13935 Malicious code in a2z-promo-tool (npm)

The package a2z-promo-tool was found to contain malicious code...

Malicious code in islands-promo (npm)

The package islands-promo was found to contain malicious code...

CVE-2025-3863

The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the processwbelpspromoform function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level acces...