3472 matches found
PT-2026-47763
Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...
WordPress plugin KittyCatfish SQLๆณจๅ ฅๆผๆด
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-11584
CodeAstro Student Attendance Management System 1.0 contains an SQL injection in /attendance-php/Admin/createClass.php?action=edit caused by unsafely manipulated ID parameter. The vulnerability is exploitable remotely and, per sources, an exploit has been publicized. No remediation details are pro...
EUVD-2026-35056
A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
USN-8395-1: Netatalk vulnerabilities
Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. CVE-2026-44047 Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion...
EUVD-2026-35050
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2026-11486
The CVE-2026-11486 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is in /archive1.php where manipulation of the argument sy leads to SQL injection. It enables remote exploitation, with the exploit publicly available. Documents do not specify affected versions beyo...
CVE-2026-11472 SourceCodester Class and Exam Timetabling System index1.php sql injection
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...
PT-2026-47248
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An SQL injection issue exists in the /archive1.php endpoint. This occurs when the sy argument is manipulated, allowing for remote exploitation. SQL injection is a techniq...
ProjeQtor 12.4.3 SQL Injection Validator for Login Endpoints
This Python script is a defensive validation tool designed to identify potential SQL injection indicators in login functionality without modifying database contents or attempting exploitation...
PT-2026-47439
A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home salary.php. The manipulation of the argument rate/salary rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
๐ Revive Adserver 6.0.6 XSS / SQL Injection / Code Execution
Revive Adserver versions 6.0.6 and below exploitation framework that targets cross site scripting, remote SQL injection, remote code execution, and various other vulnerabilities...
CVE-2026-11456
CVE-2026-11456 affects Chanjet CRM 1.0, specifically the HTTP GET Request Handlerโs /tools/jxf_dump_systable.php. Manipulating the argument gblOrgID enables SQL injection, as described in the CVE. The vulnerability can be triggered remotely, and a publicly available exploit is indicated. Affected...
CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-31380
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-8132
A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txtusername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be...
CVE-2026-41883
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...
CVE-2026-41328
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...
CVE-2026-40845
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40839
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...