31101 matches found
EUVD-2026-40076
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...
PYSEC-2026-505 Injection vulnerability that affects ironic-discoverd
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
PYSEC-2026-530 SciTokens is vulnerable to SQL Injection in KeyCache
Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...
BIT-PYTHON-MIN-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-13551
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...
CVE-2026-13548 itsourcecode Hospital Management System doctortimings.php sql injection
A vulnerability was identified in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /doctortimings.php. The manipulation of the argument editid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might...
PT-2026-53277
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /insertbillingrecord.php endpoint. This occurs when the patientid argument is manipulated, allowing a remote attacker to execute arbitrary SQL...
CVE-2026-13485
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...
CVE-2026-13487
CVE-2026-13487 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in an unknown function of /archive.php caused by manipulation of the sy argument. It can be exploited remotely, and public exploit code is available. The CVSS-derived metrics indicat...
EUVD-2026-39986
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument courseyearsection can lead to sql injection. The attack can be launched remotely. The exploit has been...
PT-2026-53106
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /adminprofile.php endpoint. This occurs when the loginid variable is manipulated, allowing a remote attacker to execute unauthorized database...
CVE-2026-13333
CVE-2026-13333 affects the Groundhogg WordPress plugin up to version 4.5.5. The issue is a generic SQL injection in the query[select] path caused by insufficient escaping and inadequate preparation of the SQL query, allowing an authenticated attacker with Sales Representative-level access or high...
CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-0685
Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...
CVE-2026-57663
CVE-2026-57663 describes a SQL Injection vulnerability in the WordPress plugin Zip Recipes (Recipe Maker For Your Food Blog) versions
CVE-2026-57662
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
CVE-2026-57653
CVE-2026-57653 describes a SQL Injection vulnerability in the WordPress plugin WP Job Portal (versions
CVE-2026-57653 WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability
Contributor SQL Injection in WP Job Portal = 2.5.2 versions...
CVE-2026-57642
The CVE-2026-57642 entry documents a Contributor SQL Injection in the WordPress Gallery plugin, affected in versions up to 4.7.8. The vulnerability targets the Gallery plugin’s SQL queries (contributor-related flow) and is tracked with CVSS 3.1: Network attack vector, low attack complexity, privi...
EUVD-2026-39747
Administrator SQL Injection in Popup box = 6.0.1 versions...