CVE-2026-7705 JD Cloud JDCOS Service jdcap set_iptv_info command injection

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

GHSA-FJ74-QXJ7-R3VC AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query

Summary In objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder ? for usersid but directly concatenates $this-videosid into the query string without parameterization. An attacker who can control the videosid value via a crafted request can inject...

CVE-2021-47915 PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

WordPress plugin Cool YT Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2025-32250

Malicious code in bioql PyPI...

CVE-2025-9594 itsourcecode Apartment Management System complain_info.php sql injection

A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complaininfo.php. The manipulation of the argument vid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...