216399 matches found
EUVD-2026-22215
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
CVE-2026-4352
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cctsearch parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-36947
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...
CVE-2026-36946
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...
CVE-2026-36943
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/managerepair.php...
CVE-2026-36937
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/viewdetails.php...
CVE-2026-36944
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/viewdetails.php...
CVE-2026-36920
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php...
CVE-2026-36942
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manageactivity.php...
CVE-2026-36945
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manageclient.php...
CVE-2026-36873
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadadmin.php...
CVE-2026-36919
Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...
CVE-2026-36938
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/viewroom.php...
CVE-2026-36941
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manageroom.php...
CVE-2026-5827
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...
CVE-2026-27681 SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...
CVE-2026-27681 SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...