
33 matches found

CVE
added 2026/05/12 4:54 p.m. · 7 views

CVE-2026-25088

CVE-2026-25088 is described as an "improper neutralization of special elements used in an sql command" (SQL injection) affecting Fortinet FortiNDR versions 7.0 all, 7.1 all, 7.2 all, 7.4.0–7.4.9, and 7.6.0–7.6.2. The underlying issue is a failure to properly sanitize input in SQL commands, allowi...

CVSS 8.8 · AI score 6 · EPSS 0.00019
Exploits: 0 · References: 1 · Affected Software: 1
NCSC
added 2026/03/30 11:36 a.m. · 5 views

Vulnerability fixed in Fortinet FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS version 7.4.4. The vulnerability with reference CVE-2026-21643 concerns a critical vulnerability in FortiClient EMS. The cause lies in the improper neutralization of special SQL commands, which allows an unauthenticated malicious person to...

CVSS 9.8 · AI score 6.1 · EPSS 0.62516
Exploits: 1 · References: 1
Cvelist
added 2026/03/27 12:00 a.m. · 18 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

EPSS 0.00017
Exploits: 1 · References: 1
EUVD
added 2026/03/26 12:30 p.m. · 0 views

EUVD-2018-21669

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

CVSS 8.8 · AI score 5.9 · EPSS 0.00129
Exploits: 0 · References: 4
ATTACKERKB
added 2026/03/05 5:54 a.m. · 1 views

CVE-2026-27428

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection. This issue affects Eagle Booking: from n/a through = 1.3.4.3...

AI score 6 · EPSS 0.00044
Exploits: 0 · References: 2
Positive Technologies
added 2026/01/13 12:00 a.m. · 4 views

PT-2026-2747

🟠 CVE-2026-20947 - High Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. https://t.co/plm6gTTLxj https://t.co/1kjK6Hr4sV...

CVSS 8.8 · AI score 7.5 · EPSS 0.00464
Exploits: 0 · References: 5
EUVD
added 2025/10/20 9:30 p.m. · 2 views

EUVD-2025-35103

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44...

CVSS 7.5 · AI score 7.2 · EPSS 0.00027
Exploits: 0 · References: 2
Microsoft CVE
added 2025/10/14 2:00 p.m. · 1 views

Configuration Manager Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network...

CVSS 8.8 · AI score 8.2 · EPSS 0.00129
Exploits: 0
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-55016

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.00027
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-30754

Malicious code in bioql PyPI...

CVSS 4.2 · AI score 5 · EPSS 0.00084
Exploits: 0 · References: 2
CVE
added 2025/08/15 11:54 a.m. · 12 views

CVE-2025-54474

CVE-2025-54474 describes a SQL injection vulnerability in the DJ-Classifieds Joomla extension, affecting versions 3.9.2–3.10.1. The issue allows privileged users to execute arbitrary SQL commands. The connected documents consistently reference a DJ-Classifieds SQLi impacting Joomla; no exploitati...

CVSS 8.5 · AI score 8.2 · EPSS 0.00088
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:36 a.m. · 3 views

CVE-2019-13076

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...

CVSS 8.8 · AI score 8.4 · EPSS 0.00285
Exploits: 0 · References: 1
CNNVD
added 2025/01/09 12:00 a.m. · 1 views

WordPress plugin Mailing Group Listserv SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.6 · AI score 8.8 · EPSS 0.00184
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/21 12:00 a.m. · 10 views

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

AI score 8.6 · EPSS 0.00452
Exploits: 0 · References: 1
OSV
added 2024/08/05 9:29 p.m. · 14 views

GHSA-H7CM-JVPP-69XF Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

CVSS 6.1 · AI score 5.9 · EPSS 0.0011
Exploits: 1 · References: 7
Veracode
added 2024/05/30 10:40 a.m. · 12 views

SQL Injection

Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the sort query parameter in the GetAllEvents function, allowing for SQL injection through stacked queries and the ATTACH DATABASE command...

CVSS 5.9 · AI score 7.8 · EPSS 0.0011
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/02/20 7:26 p.m. · 8 views

GHSA-W3Q8-M492-4PWP Possibility to circumvent the invitation token expiry period

Impact: The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the devise_invitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

CVSS 5.7 · AI score 6.5 · EPSS 0.00584
Exploits: 0 · References: 11
ATTACKERKB
added 2023/09/15 9:15 a.m. · 0 views

CVE-2023-4833

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6...

CVSS 9.8 · AI score 7.4 · EPSS 0.00158
Exploits: 0 · References: 4
OSV
added 2023/08/08 4:15 p.m. · 1 views

CVE-2023-3522

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2023/07/06 12:00 a.m. · 2 views

PT-2023-25756 · Unknown · Food Ordering System

Name of the Vulnerable Software and Affected Versions: Food Ordering System version 1.0
Description: A SQL Injection issue allows attackers to execute commands on the database by sending crafted SQL queries to the ID parameter.
Recommendations: For Food Ordering System version 1.0, avoid using th...

CVSS 7.2 · AI score 7.4 · EPSS 0.00237
Exploits: 1 · References: 3