PT-2026-27786
Name of the Vulnerable Software and Affected Versions: OpenCart Core version 4.0.2.3. Description: The software contains a SQL injection flaw that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the search parameter. This is achieved by sending...
PT-2026-28155
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...
EUVD-2019-20022
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...
CVE-2019-25642 Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...
CVE-2019-25639
Affected software: Matrimony Website Script M-Plus. Vulnerability: multiple SQL injection flaws allow unauthenticated attackers to manipulate queries by injecting SQL through POST parameters (txtGender, religion, Fage, cboCountry) in pages such as simplesearch_results.php, advsearch_results.php...
EUVD-2026-14620
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2026-14608
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field function...
PT-2026-27369
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile list endpoint. Attackers can inject SQL code via the up cast, s mother, and s religion parameters to extract sensitive database information...
CVE-2026-4306
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2026-27253
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WWBN AVideo SQL injection vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the Subscribe::save method not properly cleaning or parameterizing the usersid attribute, allowing...
WordPress plugin WP Job Portal SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-2580
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...
PT-2026-27034
Name of the Vulnerable Software and Affected Versions: WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress versions up to and including 4.9.1. Description: The WP Maps plugin for WordPress is susceptible to time-based SQL Injection. This is...
EUVD-2019-19898
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
CVE-2019-25576
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25573
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
Bluetooth/BLE Penetration Testing Toolkit for Automotive IVI Sys...
CVE-2026-3334
The CVE-2026-3334 entry concerns the WordPress CMS Commander plugin. Affected software: CMS Commander plugin for WordPress (up to version 2.288). Vulnerability: SQL Injection via the parameters or_blogname, or_blogdescription, and or_admin_email, caused by insufficient escaping of user input and ...
PT-2026-26838
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn wp access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the get user access...