650 matches found
CVE-2026-15676
CVE-2026-15676 affects code-projects Online Job Portal (
CVE-2026-15517
CVE-2026-15517 affects Jinher OA 1.0. The vulnerability resides in an unknown function within the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx, where manipulation of the httpOID argument enables a SQL injection. Remote exploitation is possible, and an exploit has been published. The vendor ...
CVE-2026-4321
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...
IBM App Connect Enterprise 12.0.1.x < 12.0.12.27 / 13.0.1.x < 13.0.8.0 SQL Injection (7278350)
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. Note that Nessus has not tested for this issue but has instead relied...
CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...
CVE-2026-13526 SourceCodester Class and Exam Timetabling System edit_class.php sql injection
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editclass.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-56062 WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...
PT-2026-52833
Name of the Vulnerable Software and Affected Versions Recipe Maker For Your Food Blog from Zip Recipes versions prior to 8.2.8 Description A SQL Injection issue exists that allows exploitation at the contributor level. SQL Injection is a technique where an attacker inserts malicious SQL code into...
CVE-2019-25750
Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...
EUVD-2017-19000
Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with...
CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability
The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...
EUVD-2026-37720
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...
CVE-2026-54187
Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...
WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...
CVE-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
CVE-2026-44172
CVE-2026-44172 affects MariaDB (community fork of MySQL). In versions 3.3.18 and 3.4.8, non-validated user input escaped with mysql_real_escape_string() and sent via text protocol using the big5 character set could be exploited for SQL injection, despite the escaping attempt. The issue has been p...
WordPress plugin Product Filter by WBW SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-42835
Microsoft Teams for Android contains a vulnerability described as improper neutralization of special elements in output used by a downstream component ('injection'), enabling an authorized attacker to disclose information over a network. Affected software: Microsoft Teams for Android. Root cause:...
Nemon Trade Energy和Nemon Trade Energy CRM SQL注入漏洞
Nemon Trade Energy and Nemon Trade Energy CRM are both products of the Spanish company Nemon. Nemon Trade Energy is a platform for managing energy retail businesses. Nemon Trade Energy CRM is a platform for managing energy customer relationships. Both Nemon Trade Energy and Nemon Trade Energy CRM...