
545 matches found

Vulnrichment
added 2025/03/05 9:21 a.m., 3 views

CVE-2024-13232 WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation

The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable to arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport function in all versions up to, and including, 4.1.1. This makes it possible for...

CVSS 8.8, AI score 8.3, EPSS 0.00425
Exploits: 0, References: 2

Cvelist
added 2025/03/05 9:21 a.m., 4 views

CVE-2024-13232 WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation

The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable to arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport function in all versions up to, and including, 4.1.1. This makes it possible for...

CVSS 8.8, EPSS 0.00425
Exploits: 0, References: 2

CVE
added 2025/03/05 9:21 a.m., 45 views

CVE-2024-13232

CVE-2024-13232 affects the WordPress plugin “WordPress Awesome Import & Export Plugin – Import & Export WordPress Data.” The vulnerability arises from a missing capability check in renderImport() across versions up to and including 4.1.1, enabling authenticated attackers with Subscriber-level acc...

CVSS 8.8, AI score 8.3, EPSS 0.00425
Exploits: 0, References: 2

RedhatCVE
added 2025/02/14 4:2 a.m., 16 views

CVE-2024-33807

A SQL injection vulnerability in /model/getteachertimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter...

CVSS 5.4, AI score 8.5, EPSS 0.00286
Exploits: 1, References: 1

RedhatCVE
added 2025/02/13 11:39 p.m., 15 views

CVE-2024-35361

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights...

CVSS 9.8, AI score 8.3, EPSS 0.00512
Exploits: 0, References: 1

CISA KEV Catalog
added 2025/02/06 12:0 a.m., 14 views

CyberoamOS (CROS) SQL Injection Vulnerability

CyberoamOS CROS contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...

CVSS 9.8, AI score 8.5, EPSS 0.04729
In wild, Exploits: 0

CVE
added 2025/02/06 12:0 a.m., 81 views

CVE-2025-22992

CVE-2025-22992 affects Emoncms (version 11.6.9 and later) via SQL Injection in the /feed/insert.json endpoint. The vulnerability stems from improper handling of user-supplied input in the data query parameter, enabling attackers to execute arbitrary SQL commands under specific conditions. Reporte...

CVSS 9.8, AI score 8.9, EPSS 0.00492
Exploits: 1, References: 1, Affected Software: 1

RedhatCVE
added 2025/02/05 7:44 p.m., 10 views

CVE-2022-48603

A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8, AI score 7.7, EPSS 0.00608
Exploits: 0

RedhatCVE
added 2025/02/05 7:43 p.m., 15 views

CVE-2022-48601

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8, AI score 7.7, EPSS 0.00608
Exploits: 0

RedhatCVE
added 2025/02/05 7:42 p.m., 10 views

CVE-2022-48585

A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8, AI score 7.7, EPSS 0.00608
Exploits: 0

RedhatCVE
added 2025/02/05 7:7 a.m., 12 views

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVSS 8.1, AI score 8.2, EPSS 0.01716
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 2:17 a.m., 5 views

CVE-2024-24811

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CVSS 9.8, AI score 7.5, EPSS 0.00881
Exploits: 0, References: 1

CVE
added 2025/02/04 2:21 p.m., 64 views

CVE-2025-22700

CVE-2025-22700: WordPress Traveler Code plugin up to 3.1.1 contains an SQL injection due to improper neutralization of input elements, enabling authenticated subscribers to execute arbitrary SQL. The issue affects Traveler Code versions up to 3.1.1 and has a high impact (per CVSS 3.1 score 8.5)....

CVSS 8.5, AI score 7.3, EPSS 0.00338
Exploits: 0, References: 1

Cvelist
added 2025/02/04 2:21 p.m., 19 views

CVE-2025-22700 WordPress Traveler Code plugin < 3.1.3 - Subscriber+ Arbitrary SQL Execution vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code. This issue affects Traveler Code: from n/a through 3.1.3...

CVSS 8.5, EPSS 0.00338
Exploits: 0, References: 1

Patchstack
added 2025/01/31 1:36 p.m., 2 views

WordPress Traveler Code plugin < 3.1.3 - Subscriber+ Arbitrary SQL Execution vulnerability

Subscriber+ Arbitrary SQL Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Traveler Code versions 3.1.3...

CVSS 8.5, AI score 7.9, EPSS 0.00338
Exploits: 0, Affected Software: 1

CNNVD
added 2025/01/31 12:0 a.m., 4 views

EasyVirt DC Scope and EasyVirt CO2 Scope security vulnerability

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt. EasyVirt DC Scope is a monitoring and management solution for VMware virtualization. EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

CVSS 9.1, AI score 8.4, EPSS 0.00538
Exploits: 1, References: 1

Tenable Nessus
added 2025/01/24 12:0 a.m., 40 views

Amazon Linux 2 : postgresql (ALAS-2025-2733)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2733 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL...

CVSS 8.8, AI score 7.8, EPSS 0.01565
Exploits: 0, References: 4

Positive Technologies
added 2024/12/17 12:0 a.m., 4 views

PT-2025-25327 · Oracle +2

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 15.10.16; XWiki versions prior to 16.4.7; XWiki versions prior to 16.10.2. Description: The issue allows execution of any SQL query in Oracle using functions like DBMS XMLGEN or DBMS XMLQUERY. This is due to the XWiki que...

CVSS 10, AI score 6.7, EPSS 0.00431
Exploits: 0, References: 10

NVD
added 2024/12/10 7:15 p.m., 11 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 9.1, EPSS 0.23598
Exploits: 0, References: 1

NCSC
added 2024/11/12 6:55 p.m., 7 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious person could exploit the vulnerabilities to execute arbitrary SQL code on the database environment. With the exception of the vulnerabilities marked CVE-2024-49021 and CVE-2024-49043, the vulnerabilities are in the SQL Native Client...

CVSS 8.8, AI score 7.9, EPSS 0.01577
Exploits: 0