2820 matches found

Vulnrichment
added 2026/02/20 11:27 a.m., 6 views

CVE-2025-10970 SQLi in Kolay Software's Talentics

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVSS 9.8 | AI score 5.6 | EPSS 0.00297
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/20 2:32 a.m., 5 views

CVE-2026-2821

A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of the argument ChannelName causes sql injection. Remote exploitation of the attack is possible. The...

CVSS 7.5 | AI score 5.4 | EPSS 0.00344
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/02/20 12:0 a.m., 5 views

WordPress plugin Electio Core SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 9.3 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 1
CNNVD
added 2026/02/20 12:0 a.m., 3 views

Phpscriptsmall Fiverr Clone Script SQL injection vulnerability

Phpscriptsmall Fiverr Clone Script is a set of software scripts developed by Phpscriptsmall. The Phpscriptsmall Fiverr Clone Script 1.2.2 version contains an SQL injection vulnerability. This vulnerability stems from the page parameter, which allows for SQL injections, potentially enabling...

CVSS 9.1 | AI score 5.9 | EPSS 0.00373
Exploits: 1 | References: 2
CNNVD
added 2026/02/20 12:0 a.m., 5 views

LangGraph.js injection vulnerability

LangGraph.js is an open-source large model orchestration framework developed by LangChain. Versions of LangGraph.js prior to 1.0.2 contained an injection vulnerability. This vulnerability stemmed from the lack of proper escaping of user input during filter processing, which could lead to query...

CVSS 6.5 | AI score 5.8 | EPSS 0.0444
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21135

Name of the Vulnerable Software and Affected Versions: TeconceTheme Nestbyte Core versions through 1.2. Description: A flaw exists in TeconceTheme Nestbyte Core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially...

AI score 5.7 | EPSS 0.00283
Exploits: 0 | References: 3
Cvelist
added 2026/02/19 1:58 p.m., 22 views

CVE-2026-2744

...

Exploits: 0
NVD
added 2026/02/19 11:15 a.m., 6 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

CVSS 8.8 | EPSS 0.00251
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/19 10:48 a.m., 3 views

CVE-2025-15560 SQL Injection in NesterSoft WorkTime

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

AI score 6 | EPSS 0.00251
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/19 7:28 a.m., 4 views

CVE-2026-1639

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 6.5 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 1
Patchstack
added 2026/02/19 3:21 a.m., 5 views

WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Nelio AB Testing versions <= 8.2.4...

CVSS 7.6 | AI score 5.9 | EPSS 0.00361
Exploits: 0 | Affected Software: 1
CNNVD
added 2026/02/19 12:0 a.m., 5 views

WordPress plugin Nelio AB Testing security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.6 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/19 12:0 a.m., 4 views

PT-2026-20717

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.4...

AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 1
OSV
added 2026/02/18 10:40 p.m., 5 views

GHSA-5MX2-W598-339M RediSearch Query Injection in @langchain/langgraph-checkpoint-redis

Summary: A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has...

CVSS 6.5 | AI score 5.8 | EPSS 0.0444
Exploits: 0 | References: 6
Vulnrichment
added 2026/02/18 9:55 p.m., 6 views

CVE-2019-25359 SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enablin...

CVSS 8.8 | AI score 5.8 | EPSS 0.0015
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/18 9:10 p.m., 4 views

CVE-2026-27179 MajorDoMo Unauthenticated SQL Injection in Commands Module

MajorDoMo aka Major Domestic Module contains an unauthenticated SQL injection vulnerability in the commands module. The commandssearch.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitization or parameterized queries. The commands module is...

CVSS 8.8 | AI score 6.1 | EPSS 0.00468
Exploits: 2 | References: 3
Patchstack
added 2026/02/18 7:0 a.m., 8 views

WordPress Taskbuilder plugin <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability

Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions <= 5.0.2...

CVSS 6.5 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/02/18 12:0 a.m., 3 views

PT-2026-21300

Name of the Vulnerable Software and Affected Versions: @langchain/langgraph-checkpoint-redis versions prior to 1.0.2. Description: A query injection issue exists in the RedisSaver and ShallowRedisSaver classes of the @langchain/langgraph-checkpoint-redis package. These classes build RediSearch queri...

CVSS 6.5 | AI score 5.8 | EPSS 0.0444
Exploits: 0 | References: 16
NVD
added 2026/02/17 8:22 p.m., 7 views

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

CVSS 7.6 | EPSS 0.00221
Exploits: 1 | References: 2
OSV
added 2026/02/12 8:16 p.m., 2 views

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

CVSS 7.5 | AI score 5.9 | EPSS 0.00454
Exploits: 1 | References: 3