2820 matches found
CVE-2026-34825
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who...
EUVD-2026-18482
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...
CVE-2026-33616
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-33616
CVE-2026-33616 concerns mb CONNECT24’s mb24api endpoint, where an unauthenticated blind SQL injection is possible due to improper handling of SQL SELECT elements. The description notes total loss of confidentiality if exploited. The CVSS 3.1 base score is 7.5 (HIGH), with network access, no privi...
Payload has an SQL Injection via Query Handling
Impact Certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. Patches This issue has been fixed in v3.79.1 and later. Query input validation has been hardened. Upgrade to v3.79...
EUVD-2026-17341
A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...
EUVD-2026-17311
A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-5182 SourceCodester Teacher Record System Parameter sql injection
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
PT-2026-29199
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
HCL Aftermarket DPC SQL Injection Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to execut...
VulnCheck KEV: CVE-2025-10090
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...
MikroORM SQL注入漏洞
MikroORM is an open-source framework from MikroORM that supports type-safe object-relational mapping for multiple databases. Versions of MikroORM prior to 6.6.10 and 7.0.6 contained a SQL injection vulnerability. This vulnerability arises from the interpretation of specially crafted objects as ra...
PT-2026-29054
SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...
SQL Injection
Overview @mikro-orm/core is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via the...
CVE-2026-5034
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...
Code-Projects Accounting System SQL注入漏洞
Code-Projects Accounting System is an accounting system open sourced by Code-Projects. Version 1.0 of Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from improper handling of the enid parameter in the file/viewwork.php, which may lead to SQL injection...
CVE-2026-4956
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...
CVE-2026-4996 Sinaptik AI PandasAI pandasai-lancedb Extension lancedb.py get_relevant_docs_by_id sql injection
A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....
Improper Neutralization of Special Elements in Data Query Logic
Overview adx-mcp-server is a MCP server for Azure Data Explorer integration Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the gettableschema, sampletabledata, and gettabledetails handlers when the tablename parameter is...
websec-payloads
Web Security Payloads & Exploitation Reference Comprehensiv...