CVE-2025-41029

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

CVE-2025-41029 SQL injection in Zeon Academy Pro by Zeon Global Tech

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

CVE-2025-41029

CVE-2025-41029 describes a SQL injection vulnerability in Zeon Academy Pro (Zeon Global Tech). The flaw affects the application’s handling of a POST parameter named ‘phonenumber’ in /private/continue-upload.php, enabling an attacker to retrieve, create, update, or delete databases. The CVSS v4.0 ...

WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin ListingPro versions = 2.9.10...

SQLi

SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...

WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WPGraphQL versions 2.11.1...

CVE-2026-6674

The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

EUVD-2026-24056

The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2026-6674 Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter

The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2026-6674

The CVE refers to the WordPress plugin “Plugin: CMS für Motorrad Werkstätten”, affected through all versions up to and including 1.0.0. The root cause is insufficient escaping of the user-supplied arthtype parameter and lack of proper SQL query preparation, resulting in SQL Injection. The impact ...

CVE-2026-39946

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...

CVE-2026-39946

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...

CVE-2026-39946

OpenBao (open source identity-based secrets manager) before version 2.5.3 is affected. When revoking privileges on a role within the PostgreSQL database secrets engine, OpenBao could fail to properly quote schema names provided by PostgreSQL, potentially leading to role revocation failures and, m...

CVE-2026-39946 OpenBao allows SQL Injection in PostgreSQL database secrets engine

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...

JLSEC-2026-174

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

PT-2026-33983

Name of the Vulnerable Software and Affected Versions Custom css-js-php versions prior to 2.0.8 Description The plugin fails to properly sanitize user input before incorporating it into a SQL query. The resulting output is then passed to the eval function, which enables unauthenticated users to...

PT-2026-33884

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description OpenBao is an open source identity-based secrets management system. In the PostgreSQL database secrets engine, the system fails to use proper database quoting on schema names provided by PostgreSQL...

Zeon Academy Pro SQL注入漏洞

Zeon Academy Pro is an online learning and training management platform developed by the Indian company Zeon. Zeon Academy Pro has a SQL injection vulnerability. This vulnerability stems from the parameter “phonenumber” in the file /private/continue-upload.php, which allows attackers to retrieve,...

Electric SQL注入漏洞

Electric is an open-source Postgres real-time data synchronization engine developed by Electric. Versions of Electric from 1.1.12 to 1.5.0 contained a SQL injection vulnerability. This vulnerability stemmed from the orderby parameter in the /v1/shape API, which allowed incorrect SQL injections...

PT-2026-34064

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...