EUVD-2026-31044

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

EUVD-2018-8272

Malware in sbrugna...

EUVD-2006-5092

Malware in sbrugna...

EUVD-2008-4504

Malware in sbrugna...

EUVD-2006-1644

Malware in sbrugna...

EUVD-2005-0830

Malware in sbrugna...

EUVD-2006-6202

Malware in sbrugna...

EUVD-2017-5904

Malware in sbrugna...

EUVD-2021-33135

Malicious code in bioql PyPI...

CVE-2024-3974

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions...

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...

CVE-2025-3151

A vulnerability was found in SourceCodester Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit ha...

CVE-2024-10758

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack...

CVE-2024-10758 code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack...

CVE-2024-3365

A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely...

Online Library System 跨站脚本漏洞

Online Library System is an open source online library system. A cross-site scripting vulnerability exists in SourceCodester Online Library System version 1.0, which originates from a cross-site scripting vulnerability in the username parameter of the admin/users/controller.php file...

Sql injection

A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit h...

Clinics Patient Management System SQL Injection Vulnerability

Clinics Patient Management System is a clinic patient management system. A SQL injection vulnerability exists in Clinics Patient Management System version 2.0, which originates from a parameter username that can be exploited to execute illegal SQL commands...