1299 matches found
EUVD-2021-28264
Malicious code in bioql PyPI...
EUVD-2022-41827
Malicious code in bioql PyPI...
EUVD-2022-24691
Malicious code in bioql PyPI...
EUVD-2023-12782
Malicious code in bioql PyPI...
WordPress plugin Coupon API SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
Advantive Veracore < 2025.1.1.3 SQL Injection
Advantive Veracore versions prior to 2025.1.1.3 are vulnerable to SQL Injection in the timeoutWarning.asp functionality, allowing attackers to execute arbitrary SQL queries via the PmSess1 parameter. No source data...
CVE-2025-54554
tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure...
CVE-2025-54554
CVE-2025-54554 affects Tera Insights tiCrypt (tiaudit component) prior to 2025-07-17. The vulnerability allows unauthenticated REST API requests that disclose sensitive information about underlying SQL queries and database structure. Reported across multiple feeds (Red Hat, PT Security, CVE lists...
CVE-2013-10033 Kimai 0.9.2 db_restore.php SQL Injection
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...
GO-2025-3827 eKuiper API endpoints handling SQL queries with user-controlled table names. in github.com/lf-edge/ekuiper
eKuiper API endpoints handling SQL queries with user-controlled table names. in github.com/lf-edge/ekuiper...
CVE-2025-54061 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarDoc.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendido_familiares parameter of the /html/funcionario/dependente_editarDoc.php endpoint. This vulnerability allo...
CVE-2025-40735
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...
CVE-2025-34038 Weaver E-cology SQL Injection
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the...
CVE-2025-46179
A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries...
BIT-MARIADB-MIN-2022-24052
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
BIT-MARIADB-MIN-2022-24051
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
BIT-MARIADB-MIN-2022-24050
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
SQL Injection
github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability is due to improper input validation of the role parameter in the /api/artist API endpoint, allowing attackers to inject arbitrary SQL queries...
CVE-2024-11430
The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvnschart2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...