2286 matches found
EUVD-2022-55354
Malicious code in bioql PyPI...
CVE-2025-11056
A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file owner_panel/fetch-data/select-students.php. This manipulation of the argument select causes sql injection. Remote exploitation of the attack is possible...
CVE-2025-11056
CVE-2025-11056 affects ProjectsAndPrograms School Management System 1.0. The vulnerability is in the file owner_panel/fetch-data/select-students.php where manipulation of the select parameter causes a SQL injection. Remote exploitation is possible and exploits have been published. Several connect...
CVE-2025-11056 ProjectsAndPrograms School Management System select-students.php sql injection
A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file owner_panel/fetch-data/select-students.php. This manipulation of the argument select causes sql injection. Remote exploitation of the attack is possible...
PT-2025-39723
Name of the Vulnerable Software and Affected Versions: ProjectsAndPrograms School Management System version 1.0 Description: A SQL injection issue exists in ProjectsAndPrograms School Management System version 1.0. The issue is located in the owner_panel/fetch-data/select-students.php file,...
school-management-system SQL injection vulnerability
school-management-system is a PHP school management system for schools or small organizations developed by Shubham kumar, an individual developer. A SQL injection vulnerability exists in school-management-system version 1.0, which stems from incorrect manipulation of the parameter select in the...
GHSA-98F8-J56X-2HH4 Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7vm2-j586-vcvc. This link is maintained to preserve external references. Original Description: A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or...
CVE-2025-11060 Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records...
CVE-2025-10989
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
surrealdb security vulnerability
surrealdb is an open source document graph database from SurrealDB. A security vulnerability exists in surrealdb that stems from a flaw in the database engine's real-time query subscription mechanism, which could lead to a record or guest user bypassing access control via a specially crafted LIVE...
CVE-2023-53209 wifi: mac80211_hwsim: Fix possible NULL dereference
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: Fix possible NULL dereference In a call to mac80211_hwsim_select_tx_link the sta pointer might be NULL, thus need to check that it is not NULL before accessing it...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the LIVE SELECT process. An attacker can access unauthorized records by subscribing to live queries on a table and observing data changes triggered by other users, thereby bypassing intended access controls...
CVE-2025-10218
A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-10218 lostvip-com ruoyi-go Background Management SysRoleDao.go SelectListPage sql injection
A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-10218
CVE-2025-10218 affects lostvip-com ruoyi-go 2.1, specifically the SelectListPage function in modules/system/dao/SysRoleDao.go. The vulnerability arises from manipulation of the sortName argument, enabling SQL injection with remote exploitation reported as possible. Exploitation code has been publ...
PT-2025-37101
Name of the Vulnerable Software and Affected Versions: ruoyi-go version 2.1 Description: A flaw exists in the SelectListPage function within the SysRoleDao.go file of the Background Management Page component. Manipulation of the sortName argument can lead to SQL injection. Remote exploitation is...