EUVD-2026-34023

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

IBM i Access injection vulnerability

IBM i Access is a set of IBM i platform client software developed by the American multinational company International Business Machines IBM. Versions 1.1.5.0 to 1.1.9.12 of IBM i Access, along with IBM i Access Client Solutions, have injection vulnerabilities. These vulnerabilities arise when the...

ITSsourcecode Content Management System SQL Injection Vulnerability

itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the topicid parameter in the file...

SourceCodester Pharmacy Sales and Inventory System Code Injection Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability arises from improper...

CVE-2026-10184 SourceCodester Hospitals Patient Records Management System Users.php delete sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been...

LinkAce 注入漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had an injection vulnerability. This vulnerability stemmed from the database configuration process allowing attackers to control databases by...

Plack::Middleware::Security::Common 安全漏洞

Plack::Middleware::Security::Common is a Perl web application security header middleware developed by RRWO’s individual developers. Versions of Plack::Middleware::Security::Common prior to 0.13.1 contained security vulnerabilities. These vulnerabilities stemmed from ineffective header injection...

CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

OpenCATS 0.9.7.4 - SQL Injection

Exploit Title: OpenCATS 0.9.7.4 - SQL Injection Exploit Author: Gabriel Rodrigues TEXUGO from HAKAI Vendor Homepage: https://www.opencats.org Software Link: https://github.com/opencats/OpenCATS Version: 1 else "http://localhost:8888" user = sys.argv2 if lensys.argv 2 else "admin" pw = sys.argv3 i...

Blitz 代码注入漏洞

Blitz is an open-source full-stack Next.js development toolkit developed by Blitz. Versions of Blitz 3.0.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown function in the packages/generator/templates/app/src/app/auth/components/LoginForm.tsx file,...

PT-2026-43348

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is greater than or is less than operators, user-supplied values in the valu...

CVE-2026-9450

The CVE-2026-9450 entry concerns code-projects Employee Management System 1.0. A SQL injection vulnerability exists in /psubmit.php via the pid parameter. The issue is exploitable remotely, with exploitation maturity listed as PROOF-OF-CONCEPT. Affected component/function is unknown beyond /psubm...

CVE-2026-25606

CVE-2026-25606 concerns STER. The vulnerability is a SQL injection affecting multiple Search Filters where improper input neutralization allows an authenticated attacker to view data belonging to other users or any data the application can access. Affected component appears to be the STER web/app...

Edimax BR-6228NC 注入漏洞

The Edimax BR-6228NC is a wireless broadband router produced by Edimax Corporation. Version 1.22 of the Edimax BR-6228NC has a vulnerability known as “injection flaw.” This flaw arises from the function mp in the POST Request Handler component, which processes the command parameter. The improper...

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

...

Advantech多款产品 SQL注入漏洞

Advantech IoTSuite SaaSComposer is a product of Advantech Corporation from Taiwan, China. Advantech IoTSuite SaaSComposer is a low-code visual development tool. Advantech IoTSuite Growth Linux docker is a containerized deployment solution for industrial IoT platforms. Advantech IoTSuite Starter...

WordPress plugin APIExperts Square for WooCommerce SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

PT-2026-39506

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com baforms component with malicious JSON payloads in the 'id' field...

MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

Wireshark MCP Server 命令注入漏洞

Wireshark MCP Server is a network packet capture and analysis tool developed by AG Personal Developers. Wireshark MCP Server has a command injection vulnerability, which stems from a issue with the quickcapture function in the pysharkmcp.py file. This vulnerability may lead to command injection v...