11 matches found
CVE-2026-11510
A security flaw has been discovered in CodeAstro Leave Management System 1.0. It affects an unknown part of the file /admin/addleave.php. Manipulation of the argument typeofleave results in SQL injection. The attack can be launched remotely. The exploit has been released...
CVE-2026-40840
CVE-2026-40840 describes an unauthenticated SQL injection in the VerifyCreateLicences function. An attacker with low privileges and remote access can exploit improper neutralization of elements in a SQL SELECT command, leading to a total loss of confidentiality. Documents consistently cite a SQLi in V...
CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AOR_Reports module), the field_function parameter from POST data is saved directly into the aor_fields table without any...
EUVD-2025-25215
Malicious code in bioql PyPI...
CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...
CVE-2024-43207
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite. This issue affects Unite Gallery Lite: from n/a through 1.7.62...
CVE-2023-46018
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'remail' parameter...
PT-2023-29489 · Unknown · Turna Advertising Administration Panel
Name of the Vulnerable Software and Affected Versions: Turna Advertising Administration Panel versions prior to 1.1
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2022-0267
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection...
Django: SQL injection possibility in key and index lookups for JSONField/HStoreField
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
PYSEC-2019-123
SQLAlchemy before 1.3.0b3 allows SQL Injection via the order_by parameter. The fix commit 30307c4 was applied only to the main branch and was never backported to the 1.2.x release line; all 1.2.x versions remain vulnerable...
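The entries above fall into two shapes: a request value spliced into a WHERE clause (the PHP advisories) and a caller-supplied string dropped into ORDER BY (the order_by and adrotate_action entries). The following is an added example, not code from any of the listed projects, written against Python's stdlib sqlite3 with constructed sample rows. It shows each vulnerable shape beside its hardened form: bound parameters for values, and an allow-list for identifiers, which placeholders cannot bind.

```python
import sqlite3

# Constructed sample data; not taken from any of the listed projects.
ROWS = [
    (1, "carol", "carol@example.org", "admin"),
    (2, "alice", "alice@example.org", "user"),
    (3, "bob",   "bob@example.org",   "user"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return conn


def find_by_email_vulnerable(conn, email):
    # Request value spliced into the WHERE clause: the shape of the PHP advisories.
    sql = f"SELECT name FROM users WHERE email = '{email}'"
    return [r[0] for r in conn.execute(sql)]


def list_users_vulnerable(conn, order_by):
    # Caller-supplied string dropped into ORDER BY: no quotes are involved, so
    # escaping quote characters alone would not help here.
    sql = f"SELECT name FROM users ORDER BY {order_by}"
    return [r[0] for r in conn.execute(sql)]


# Hypothetical allow-list mapping accepted sort keys to fixed SQL fragments.
SORT_COLUMNS = {"id": "id", "name": "name", "email": "email"}


def find_by_email_safe(conn, email):
    # Value bound as a parameter: the driver never treats it as SQL text.
    return [r[0] for r in conn.execute("SELECT name FROM users WHERE email = ?", (email,))]


def list_users_safe(conn, order_by):
    # Identifiers cannot be bound, so the request value only selects an entry
    # from the allow-list; anything else is rejected before reaching SQL.
    column = SORT_COLUMNS.get(order_by)
    if column is None:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    return [r[0] for r in conn.execute(f"SELECT name FROM users ORDER BY {column}")]


# Classic tautology for the value position.
VALUE_PAYLOAD = "x' OR '1'='1"
# Blind inference for the ORDER BY position: the resulting row order reveals
# whether user 1 holds the admin role (sorted by id if true, by name if not).
ORDER_PAYLOAD = "(CASE WHEN (SELECT role FROM users WHERE id = 1) = 'admin' THEN id ELSE name END)"


def run_demo():
    conn = make_db()
    out = {
        "vuln_where": find_by_email_vulnerable(conn, VALUE_PAYLOAD),   # every row leaks
        "safe_where": find_by_email_safe(conn, VALUE_PAYLOAD),         # no such email
        "vuln_order": list_users_vulnerable(conn, ORDER_PAYLOAD),      # id order => admin
        "name_order": list_users_vulnerable(conn, "name"),             # what false would give
    }
    try:
        list_users_safe(conn, ORDER_PAYLOAD)
        out["safe_order"] = "accepted"
    except ValueError:
        out["safe_order"] = "rejected"
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The ORDER BY case is the one the order_by and adrotate_action entries describe: the payload contains no quote characters, so a filter that only escapes quotes passes it through, and the attacker still learns data by comparing row orders. The only robust fix for an identifier position is to never place the request string in the query at all, as list_users_safe does.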