8.8
CVE-2019-25506 - FreeSMS 2.1.2 Authentication Bypass via SQL Injection
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handl…
7.1
CVE-2019-25505 - Tradebox 5.4 SQL Injection via symbol Parameter
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-b…
8.8
CVE-2019-25504 - NCrypted Jobgator Lastest SQL Injection via agents Find-Jobs
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract sensit…
7.1
CVE-2019-25503 - PHPads 2.0 SQL Injection via click.php3 bannerID
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue t…
5.1
CVE-2019-25502 - Simple Job Script Cross-Site Scripting via job_type_value Parameter
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim brow…
8.8
CVE-2019-25501 - Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authen…
8.8
CVE-2019-25500 - Simple Job Script SQL Injection via register-recruiters endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extra…
8.8
CVE-2019-25499 - Simple Job Script SQL Injection via get_job_applications_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication,…
8.8
CVE-2019-25498 - Simple Job Script SQL Injection via searched Endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authentication…
6
CVE-2026-20008 - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua C…
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating s…