PT-2026-33337

Name of the Vulnerable Software and Affected Versions SourceCodester Payroll Management and Information System version 1.0 Description SQL Injection exists in the file '/payroll/view employee.php'. Recommendations Update SourceCodester Payroll Management and Information System to a version newer...

PT-2026-33363

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.21 Description An issue exists in the '/de2api/datasetData/previewSql' endpoint where user-supplied SQL is wrapped in a subquery without validation to ensure the input is a single SELECT statement. By utilizing ...

CVE-2026-37336

CVE-2026-37336 affects SourceCodester Simple Music Cloud Community System v1.0. Affected component: SQL Injection in the file /music/view_music.php . The provided documents do not specify the root cause details, impact scope, exploited versions, or remediation. No explicit exploitation informatio...

CVE-2026-37345

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managepark.php...

CVE-2026-37338

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewuser.php...

CVE-2026-37341

CVE-2026-37341 affects SourceCodester Vehicle Parking Area Management System v1.0, with a SQL Injection flaw in /parking/manage_category.php caused by improper input handling in the category management logic. Documented impacts indicate high severity (C/H, I/H, A/H) per CVSS 3.1 and potential dat...

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...

CVE-2026-37339

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewgenre.php...

PT-2026-33352

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

PT-2026-33330

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Music Cloud Community System version 1.0 Description An issue exists in the file '/music/edit music.php' that allows for SQL Injection, a technique where malicious SQL statements are inserted into entry fields for executi...

CVE-2026-37340

Consolidated view: CVE-2026-37340 affects SourceCodester Simple Music Cloud Community System v1.0, with a SQL Injection flaw in the file /music/edit_music.php. The vulnerability is described across multiple sources as enabling SQL injection, implying potential disclosure, modification, and disrup...

PT-2026-33358

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

CVE-2026-37337

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewplaylist.php...

PT-2026-33328

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Music Cloud Community System version 1.0 Description An issue exists where the application is susceptible to SQL Injection, a technique that allows an attacker to interfere with the queries that an application makes to it...

CVE-2026-37338

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewuser.php...

CVE-2026-32176

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...

EUVD-2025-209485

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

EUVD-2026-22899

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

CVE-2026-30995

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...

CVE-2026-20061

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...