CVE-2026-7131

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

EUVD-2026-25859

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-7126

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=savecategory. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released t...

EUVD-2026-25820

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilize...

CVE-2026-7087 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

ProjeQtOr SQL注入漏洞

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain SQL injection vulnerabilities. These vulnerabilities stem from the login function, where the login variable directly concatenates SQL queries without parameterization ...

PT-2026-35436

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-7063

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

EUVD-2026-25703

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be...

CVE-2026-7023

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

CVE-2026-6991 colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVE-2026-6978

CVE-2026-6978 affects JiZhiCMS versions up to 2.5.6. The vulnerability is in the htmlspecialchars_decode usage in /index.php/admins/Sys/addcache.html, where manipulation of the sqls parameter enables SQL injection. The flaw allows remote exploitation, and the exploit is publicly available. The ve...

JIZHICMS 注入漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Versions of JIZHICMS 2.5.6 and earlier had a vulnerability related to SQL injection. This vulnerability stemmed from improper handling of parameters in the htmlspecialcharsdecode function located at...

Improper Neutralization of Special Elements in Data Query Logic

Overview github.com/dgraph-io/dgraph/edgraph is a Dgraph is a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the cond field in an upsert mutation. ...

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

i18next-locize-backend has URL Injection via Unsanitized Path Parameters

Summary Versions of i18next-locize-backend prior to 9.0.2 interpolate lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath / getLanguagesPath URL templates with no path-component validation and no encoding. When an application exposes any of...

CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

SUSE CVE-2026-35588

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...

PT-2026-34561

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via POST /api/getUserDetai...

EUVD-2026-24290

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...