Chatwoot SQL注入漏洞

Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. Versions of Chatwoot from 2.2.0 to 4.11.2 contained a SQL injection vulnerability...

itsourcecode Student Transcript Processing System SQL注入漏洞

itsourcecode Student Transcript Processing System is an open-source student transcript processing system developed by itsourcecode. Version 1.0 of the itsourcecode Student Transcript Processing System has a SQL injection vulnerability. This vulnerability arises from improper handling of the...

Joomla! CMS SQL注入漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a SQL injection vulnerability, which stems from improper validation of sorting clauses. This vulnerability may lead to SQL injections within com tags...

PT-2026-43181

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit judge.php. The manipulation of the argument judge id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

PT-2026-43282

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak for Data System - Cyclops versions 11.3.0.2 through Interim Fix 002 Description SQL injection allows a remote attacker to send specially crafted SQL statements to the system. This could enable the attacker to view, add, modify, o...

Twenty 安全漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions 1.7.7 to 1.16.7 of Twenty contain security vulnerabilities. These vulnerabilities stem from SQL injection attacks via uncleaned timeZone parameters and PostgreSQL COPY TO PROGRAM attacks, which may allow authenticated users to...

PT-2026-43180

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522 Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted earl...

Sixun Business Management System SQL注入漏洞

Sixun Business Management System is a commercial management system developed by Sixun Corporation. Version 10 of Sixun Business Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter tableno by an unknown function in the...

📄 Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection

Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:2037-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2037-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...

Linux Distros Unpatched Vulnerability : CVE-2026-48842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape...

CVE-2026-42774

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

CVE-2026-42773

CVE-2026-42773 concerns the WordPress plugin eMagicOne Store Manager (versions up to 1.3.2). The connected documents identify a vulnerability of type SQL Injection (specifically a blind SQL injection) in this plugin. Affected component is the Store Manager code path handling SQL commands, with th...

CVE-2026-42773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2...

CVE-2026-42773 WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2...

CVE-2026-42774

CVE-2026-42774 affects WordPress JetEngine plugin

CVE-2026-42774 WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...

CVE-2026-48837

CVE-2026-48837: SQL Injection in WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

CVE-2026-48837 WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...