PT-2026-33046

Name of the Vulnerable Software and Affected Versions Beaver Builder versions prior to 2.10.1.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data directl...

Cisco Unity Connection 安全漏洞

Cisco Unity Connection is a unified communications messaging platform that focuses on providing voicemail and messaging capabilities. An SQL injection vulnerability exists in Cisco Unity Connection. The vulnerability stems from insufficient validation of user-supplied input and can be exploited b...

WordPress plugin Beaver Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-30995

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...

Slah CMS 安全漏洞

Slah CMS is a content management system developed by the Brazilian company Slah. Versions of Slah CMS 1.5.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the id parameter within the vereadorver.php endpoint, which could lead to SQL injection attacks...

CVE-2026-30995

Slah CMS

WordPress plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVE-2026-30995

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

CVE-2026-33714

Chamilo LMS versions 2.0.0-RC.2 are affected by a SQL injection in the statistics AJAX endpoint (public/main/inc/ajax/statistics.ajax.php) where unsanitized parameters date_start and date_end in the users_active action interpolate into SQL. This follows an incomplete fix for CVE-2026-30881, which...

CVE-2026-36950

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projectsperdepartment.php...

CVE-2026-36948

Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/viewarchive.php...

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

CVE-2026-6193

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

CVE-2026-6188

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=deletesales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and...

CVE-2026-6187

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chkprodavailability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit i...

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...