12 matches found
CVE-2026-7698
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
CVE-2026-7698 Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
Malicious code in update-db (npm)
Source: amazon-inspector 9b606e43d802d06fa7b5d14f020e7727886462320dd05dca09c16887b15d5a37 The package update-db was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-34223
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...
CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...
PT-2025-21695 · Wpgym · Wpgym
Name of the Vulnerable Software and Affected Versions: WPGYM versions prior to 65.0 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, which allows Blind SQL Injection. This is due to the improper handling of...
CVE-2025-30032
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
WordPress plugin myCred security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-39157 · WordPress · Mycred
Name of the Vulnerable Software and Affected Versions: myCred – Loyalty Points and Rewards plugin for WordPress versions up to, and including, 2.7.3 Description: The issue allows unauthorized modification of data due to a missing capability check on the mycred update database function. This makes...
SRC-2022-0008 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue results from...
DLA-1135-1 db - security update
Bulletin has no description...
Windows Exploit Suggester
Windows Exploit Suggester This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. Windows...