PT-2026-1059

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the Report argument within the file /worksheet/work edit.jsp. This allows for remote attacks. The exploit details have been publicly...

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

WordPress plugin BWL Pro Voting Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

CVE-2025-15196

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2026R1.0.1, which stems from improper filtering of...

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

CVE-2024-57521

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java...

Ruoyi 安全漏洞

Ruoyi is a backend management system by Ruoyi's individual developers. A security vulnerability exists in Ruoyi 4.7.9 and earlier versions, which stems from insufficient input validation in the createTable function in SqlUtil.java, which could lead to a SQL injection attack...

CVE-2025-14950

A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /deletepost.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to t...

ChurchCRM 安全漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the WhichType parameter in the src/ListEvents.php file. No details of the vulnerability are provided at this ti...

CVE-2025-66434

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

Inventory Management System 安全漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System that stems from vulnerability to SQL injection attacks...

CVE-2025-14622

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...

SQL Injection

Jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the code parameter in the /sys/user/queryUserComponentData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

SQL Injection

Apache Hive is vulnerable to SQL Injection. The vulnerability is due to improper handling of delete column statistics requests via Thrift APIs, which allows an authorized attacker to inject malicious SQL queries and manipulate backend database operations...

PT-2025-51031

Name of the Vulnerable Software and Affected Versions itsourcecode COVID Tracking System version 1.0 Description A SQL injection issue exists in the Admin Login component of the software. The issue is located in the /admin/login.php file, specifically within an unknown function. Exploitation occu...

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

PT-2025-49769

Name of the Vulnerable Software and Affected Versions SAP Solution Manager affected versions not specified Description SAP Solution Manager is susceptible to a code injection issue stemming from inadequate input sanitation. An authenticated attacker can inject malicious code when invoking a...

EUVD-2025-201707

A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/addpayroll.php. Performing manipulation of the argument detailId results in sql injection. The attack can be initiated remotely. The exploit is now publi...

EUVD-2025-201654

A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack...