CVE-2026-11412 Jinher OA GetFormSn.aspx sql injection

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

EUVD-2026-34962

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2026-8978 OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2026-8978 OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2026-8978

The CVE covers OptinCraft

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2026-10875

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

RHEL 9 : Satellite 6.19.1 Async Update (Moderate) (RHSA-2026:22326)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22326 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

PT-2026-47157

Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0 Description An issue in the file 'nextselectplan.aspx' allows for remote SQL injection. This occurs through the manipulation of the httpOID parameter. SQL injection is a technique where an attacker inserts malicious SQL...

PT-2026-47135

Name of the Vulnerable Software and Affected Versions OptinCraft – Drag & Drop Optins & Popup Builder for WordPress versions prior to 1.2.1 Description The plugin is subject to generic SQL Injection, a flaw where an attacker can interfere with the queries that an application makes to its database...

PT-2026-47152

Name of the Vulnerable Software and Affected Versions Jinher OA C6 affected versions not specified Description A SQL injection flaw exists in the file '/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx'. A remote attacker can exploit this by manipulating the queryID argument. SQL injection is a technique...

PT-2026-47144

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVE-2026-6448 Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2026-7266

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...