Lucene search

28041 matches found

GithubExploit
added 2026/02/22 8:46 a.m., 157 views

SQLi-Exfiltration-Lab

SQL Injection (SQLi) - Database Exfiltration Lab Overview...

6.1 AI score
Exploits: 0

Positive Technologies
added 2026/02/22 12:0 a.m., 4 views

PT-2026-21438

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functio...

8.8 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/02/22 12:0 a.m., 14 views

PT-2026-21442

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

8.8 CVSS, 5.9 AI score, 0.00397 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2026/02/21 7:30 p.m., 5 views

CVE-2025-68855

Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data. This issue affects JobBoard Job listing: from n/a through <= 1.2.8...

5.9 CVSS, 5.6 AI score, 0.00309 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/21 7:29 p.m., 3 views

CVE-2024-54222

Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data. This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15...

4.3 CVSS, 5.5 AI score, 0.00273 EPSS
Exploits: 0, References: 1

NVD
added 2026/02/21 6:17 a.m., 12 views

CVE-2026-27205

Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

4.3 CVSS, 0.00374 EPSS
Exploits: 0, References: 3

Veracode
added 2026/02/21 5:7 a.m., 9 views

Server-Side Request Forgery

Indico is vulnerable to Server-Side Request Forgery. The vulnerability is due to Indico making outgoing requests to user-provided URLs in various places, where users can access special targets such as localhost or cloud metadata endpoints, and attackers can exploit this to access sensitive data...

6.9 CVSS, 5.7 AI score, 0.00189 EPSS
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2026/02/21 3:31 a.m., 5 views

Apache Airflow error reporting may expose full kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

6.5 CVSS, 5.3 AI score, 0.00801 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/02/21 3:31 a.m., 4 views

GHSA-GFW7-2V73-69WG Apache Airflow error reporting may expose full kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

6.5 CVSS, 5.7 AI score, 0.00801 EPSS
Exploits: 0, References: 6

NVD
added 2026/02/21 3:15 a.m., 7 views

CVE-2025-65995

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

6.5 CVSS, 0.00801 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/02/21 1:30 a.m., 11 views

CVE-2026-1292

Tanium addressed an insertion of sensitive information into log file vulnerability in Trends...

6.5 CVSS, 5.4 AI score, 0.00306 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/21 1:28 a.m., 8 views

CVE-2025-30410

Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 39870, Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938, Acronis Cyber Protect 15 Linux, macOS,...

9.8 CVSS, 8.5 AI score, 0.00552 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/21 12:0 a.m., 8 views

Flask Security Vulnerability

Flask is a Python micro-framework developed by Pallets, used for building web applications. Versions of Flask prior to 3.1.2 have a security vulnerability caused by an improper setting of the Vary header when accessing session objects. This vulnerability may lead to the use of cache containing...

4.3 CVSS, 5.8 AI score, 0.00374 EPSS
Exploits: 0, References: 3

OSV
added 2026/02/20 5:25 p.m., 4 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

7.1 CVSS, 5.9 AI score, 0.00262 EPSS
Exploits: 1, References: 1

NVD
added 2026/02/20 4:22 p.m., 3 views

CVE-2025-68855

Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data. This issue affects JobBoard Job listing: from n/a through <= 1.2.8...

5.9 CVSS, 0.00309 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/02/20 3:46 p.m., 21 views

CVE-2025-68855 WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data. This issue affects JobBoard Job listing: from n/a through <= 1.2.8...

5.9 CVSS, 0.00309 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/20 3:46 p.m., 2 views

CVE-2025-68855 WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data. This issue affects JobBoard Job listing: from n/a through <= 1.2.8...

5.9 CVSS, 5.3 AI score, 0.00309 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/20 3:46 p.m., 10 views

CVE-2025-68855

CVE-2025-68855 relates to the WordPress plugin JobBoard Job listing (job-board-light), affected up to version 1.2.8. The issue is described as an Insertion of Sensitive Information Into Sent Data which enables retrieval of embedded sensitive data, exposing confidential information. Root cause d...

5.9 CVSS, 5.6 AI score, 0.00309 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/20 3:46 p.m., 12 views

CVE-2024-54222

CVE-2024-54222 affects the WordPress Seraphinite Accelerator plugin (seraphinite-accelerator) with versions up to 2.22.15. The Red Hat and NVD entries confirm a Missing Authorization vulnerability that permits retrieval of embedded sensitive data from the Seraphinite Accelerator component. The ri...

4.3 CVSS, 8.5 AI score, 0.00273 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/20 3:46 p.m., 2 views

CVE-2024-54222 WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data. This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15...

4.3 CVSS, 5.3 AI score, 0.00273 EPSS
Exploits: 0, References: 1