890 matches found
CVE-2021-27672
SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...
EUVD-2025-208503
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...
Rockwell Automation FactoryTalk DataMosaix Private Cloud
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
CVE-2025-12807
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976469)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-928742)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2025-10460
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
EUVD-2020-14936
Malware in sbrugna...
EUVD-2008-1880
Malware in sbrugna...
EUVD-2019-3291
Malware in sbrugna...
EUVD-2020-13760
Malware in sbrugna...
EUVD-2020-23587
Malware in sbrugna...
EUVD-2020-13127
Malware in sbrugna...
EUVD-2025-25613
Malicious code in bioql PyPI...
EUVD-2024-37830
Malicious code in bioql PyPI...
Hospital Management System edit-doctor.php file SQL Injection Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter docfees in the file /admin/edit-doctor.php. An...
CVE-2025-54060
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendidofamiliares parameter of the /html/funcionario/dependenteeditarInfoPessoal.php endpoint. This...
PT-2025-29917 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.6 Description: WeGIA is an open source web manager. A SQL Injection vulnerability exists in the idatendido familiares parameter of the /html/funcionario/dependente editarDoc.php endpoint. This allows manipulation o...