SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the sqlExpressions feature. An attacker can execute unauthorized commands on the system by chaining SQL Expressions with plugin functionality. Remediation Upgrade github.com/grafana/grafana/pkg/expr/sql to version...

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

HCL Unica Campaign 安全漏洞

HCL Unica Campaign is a marketing campaign management solution from HCL India. A security vulnerability exists in HCL Unica Campaign version 12.1.10, which originates from malicious script injection in HTTP requests and could lead to reflective cross-site scripting attacks...

CVE-2025-52616

HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application...

CVE-2025-52616

The connected sources confirm CVE-2025-52616 affects HCL Unica 12.1.10. Specifically, the vulnerability is described as an exposure of sensitive system information that an attacker could leverage to plan further attacks. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH) with network attack...

HCL Unica 安全漏洞

HCL Unica is an enterprise-level marketing automation and campaign management platform from HCL India. A security vulnerability exists in HCL Unica version 12.1.10, which stems from the possibility of exposing sensitive system information that could be used by an attacker to formulate an attack...

CVE-2022-38140

Auth. contributor+ Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin = 12.1.10 on WordPress...

WordPress plugin Squirrly SEO 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

GitLab Mermaid plugin cross-site scripting vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in the Mermai...

CVE-2019-15586

A XSS exists in Gitlab CE/EE 12.1.10 in the Mermaid plugin...

CVE-2019-15584

A denial of service exists in gitlab v12.3.2, v12.2.6, and v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page...