CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

UniFi Network Application - Multiple vulnerabilities

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b reports: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. A...

CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

EUVD-2026-12627

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

GHSA-QP2J-V5JG-HG68 LibreNMS contains an authenticated SQL Injection vulnerability

LibreNMS 1.46 contains an authenticated SQL Injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL Injection techniques to retrieve...

CVE-2020-36947

LibreNMS 1.46 contains an authenticated SQL injection in the MAC accounting graph endpoint. An attacker with valid credentials can modify the sort parameter to perform SQL queries that extract sensitive database contents via time-based blind SQL injection. The exploitation targets the MAC account...

PT-2026-3307

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2 Description WeGIA is a web manager for charitable institutions. A SQL Injection issue exists that allows for full database exfiltration, exposure of sensitive PII, and potential arbitrary file reads in misconfigur...

EUVD-2025-50812

TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topicid parameter...

CVE-2025-50860

SQL Injection in the listdomains function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter...

CVE-2025-52914

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...

WordPress BasePress Docs plugin <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update vulnerability

Missing Authorization to Authenticated Subscriber+ Database Update vulnerability discovered by BrokenAC ignore in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions = 2.16.3.3...

CentOS 7 : postgresql (RHSA-2021:2397)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2397 advisory. - A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values,...

PT-2024-15413 · Manageengine · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 7270 and below Description: The issue is related to an Authenticated SQL injection in the home Graph-Data of ManageEngine ADAudit Plus. Recommendations: For ManageEngine ADAudit Plus versions 7270 and below,...

PT-2023-31471

Name of the Vulnerable Software and Affected Versions Student Information System version 1.0 Description The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the coursecode parameter of the "marks.php" resource does not validate the characters received and they a...

RHEL 7 : rh-postgresql12-postgresql (RHSA-2023:7770)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7770 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflo...

CVE-2022-3141

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language via the settings page containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected...

CVE-2021-36909

CVE-2021-36909 concerns WordPress WP Reset PRO Premium plugin (versions

CVE-2021-24628

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection...