CVE-2026-20061

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

CVE-2025-63029

Summary: CVE-2025-63029 is an SQL Injection vulnerability in the WordPress WCFM Marketplace plugin (also described as WC Lovers WCFM Marketplace) affecting versions up to 3.7.1. The root cause is improper neutralization of special elements in SQL commands. The NVD/CVE records confirm the issue an...

CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WCFM Marketplace versions = 3.7.1...

CVE-2026-20061 Cisco Unity Connection SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

CVE-2026-20061

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting XSS attack, an open redirect attack, and an SQL injection attack. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco has...

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse CVE-2026-2768...

Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager

Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

CVE-2026-40745

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

CVE-2026-40744 WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

CVE-2026-40744 WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

CVE-2026-40745 WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

CVE-2026-6191

A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed an...

PT-2026-33097

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions n/a through 3.7.1 Description Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, allows for the execution of unauthorized SQL commands. Recommendations At the moment, ther...

PT-2026-33241

Name of the Vulnerable Software and Affected Versions Drupal core versions 8.0.0 through 10.5.8 Drupal core versions 10.6.0 through 10.6.6 Drupal core versions 11.0.0 through 11.2.10 Drupal core versions 11.3.0 through 11.3.6 Description Drupal core allows Object Injection due to improperly...

CVE-2026-30995

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...