CVE-2024-47062

CVE-2024-47062: Navidrome's SQL Injection Vulnerability

A critical SQL injection vulnerability, designated as CVE-2024-47062, was recently discovered in Navidrome. This flaw allows authenticated users to execute arbitrary SQL queries against the Navidrome database.

CVE-2024-9264 banner

CVE-2024-9264: Command Injection and Local File Inclusion in Grafana

CVE-2024-9264 is a critical security vulnerability that affects Grafana. This vulnerability, stemming from the newly introduced SQL Expressions feature, allows for remote code execution (RCE) and local file inclusion (LFI) attacks.

CVE-2024-9264: Command Injection and LFI in Grafana

CVE-2023-33246: Remote Code Execution vulnerability in Apache RocketMQ

CVE-2023-33246: Remote Code Execution in Apache RocketMQ

In March 2023, a vulnerability was discovered in RocketMQ that could allow an attacker to execute arbitrary code on the target system. This vulnerability is tracked as CVE-2023-33246.

CVE-2024-1698 banner

Dissecting CVE-2024-1698 in NotificationX for WordPress

We're diving into CVE-2024-1698, a critical unauthenticated SQL injection (SQLi) vulnerability lurking in NotificationX – a popular plugin for sales popups and social proof notifications. 

CVE-2024-27956 banner

CVE-2024-27956: SQL Injection Vulnerability in ValvePress Automatic (WP-Automatic)

CVE-2024-27956 refers to a critical SQL injection (SQLi) vulnerability discovered in the WP-Automatic plugin, a popular content automation tool for WordPress websites.

CVE-2023-25157: SQL Injection Vulnerabilities in GeoServer


GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. On June 6, 2023, a security researcher disclosed two SQL injection vulnerabilities in GeoServer, tracked as CVE-2023-25157 and CVE-2023-25158.

Ethical Hacking

Ethical Hacking - Sql Injection