
2820 matches found

NVD
added 2026/01/29 12:16 a.m. | 8 views

CVE-2025-15344

Tanium addressed a SQL injection vulnerability in Asset...

8.8 CVSS | 0.00265 EPSS
Exploits 0 | References 1

Packet Storm
added 2026/01/29 12:0 a.m. | 129 views

Alicorn Circa 2004 SQL Injection / Command Injection / XSS

This document articulates an overview of remote SQL injection, command injection, and cross site scripting vulnerabilities found in the Alicorn version from 2004...

5.3 AI score
Exploits 0

Vulnrichment
added 2026/01/28 5:9 p.m. | 3 views

CVE-2025-57793 SQL Injection Vulnerability in Explorance Blue

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

5.9 AI score | 0.00325 EPSS
Exploits 0 | References 4

Snyk
added 2026/01/28 4:48 p.m. | 4 views

SQL Injection

Overview: egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to SQL Injection via the Nextmatch filter processing. An attacker can execute arbitrary SQ...

8.8 CVSS | 6.2 AI score | 0.0036 EPSS
Exploits 3 | References 2

EUVD
added 2026/01/28 4:5 p.m. | 11 views

EUVD-2026-4883

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

8.7 CVSS | 6 AI score | 0.0036 EPSS
Exploits 3 | References 3

Cvelist
added 2026/01/28 8:26 a.m. | 28 views

CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5 CVSS | 0.00409 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/01/28 3:16 a.m. | 11 views

CVE-2026-1449

A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function PageLoad of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack...

7.5 CVSS | 5.7 AI score | 0.00351 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/01/28 12:0 a.m. | 6 views

PT-2026-5137

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

8.7 CVSS | 6 AI score | 0.0036 EPSS
Exploits 3 | References 4

CNNVD
added 2026/01/28 12:0 a.m. | 3 views

EGroupware SQL Injection Vulnerability

EGroupware is an online office platform developed by EGroupware Inc. Versions of EGroupware prior to 23.1.20260113 and 26.0.20260113 contained a SQL injection vulnerability. This vulnerability stemmed from issues with PHP type confusion handled by the Nextmatch filter, which could lead to SQL...

8.8 CVSS | 5.9 AI score | 0.0036 EPSS
Exploits 3 | References 4

Positive Technologies
added 2026/01/28 12:0 a.m. | 6 views

PT-2026-5080

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5 CVSS | 5.9 AI score | 0.00409 EPSS
Exploits 0 | References 6

CVE
added 2026/01/27 4:30 p.m. | 13 views

CVE-2026-1478

The CVE-2026-1478 issue concerns the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. It describes an out-of-band SQL injection (OOB SQLi) in the API endpoints, specifically in the parameters Id_usuario and Id_evaluacion of /evaluacion_hca_evalua.aspx. The vulnerabi...

9.3 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2026/01/27 12:0 a.m. | 15 views

SGH SQL injection vulnerability

SGH is a loan fund management PHP script developed by Geraked. Version 0.1.0 of SGH contains an SQL injection vulnerability, which arises from improper handling of the id parameter in the management interface. This vulnerability may lead to SQL injection attacks...

8.8 CVSS | 5.9 AI score | 0.00297 EPSS
Exploits 0 | References 3

NVD
added 2026/01/23 7:15 a.m. | 6 views

CVE-2026-0603

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

8.3 CVSS | 0.00606 EPSS
Exploits 1 | References 8

CNNVD
added 2026/01/23 12:0 a.m. | 3 views

Aptsys Gemscms POS Platform security vulnerabilities

Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability stems from the GetServiceByRestaurantID endpoint, which does not properly clean or parameterize user inputs,...

9.4 CVSS | 5.9 AI score | 0.00332 EPSS
Exploits 0 | References 3

NVD
added 2026/01/22 5:16 p.m. | 5 views

CVE-2025-68857

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through = 3.15...

9.3 CVSS | 0.00283 EPSS
Exploits 0 | References 1

CVE
added 2026/01/22 9:13 a.m. | 11 views

CVE-2025-4764

The CVE-2025-4764 issue is a SQL Injection vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot, due to improper neutralization of special elements in SQL commands. Affected product/version: Hotel Guest Hotspot up to and including 22012026. Impact is rated high (CVSS 3.1...

8.8 CVSS | 5.5 AI score | 0.00443 EPSS
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-3923

Name of the Vulnerable Software and Affected Versions: Aida Computer Information Technology Inc. Hotel Guest Hotspot versions through 22012026. Description: A flaw exists in Aida Computer Information Technology Inc. Hotel Guest Hotspot that allows for SQL Injection due to improper neutralization of...

8 CVSS | 5.9 AI score | 0.00443 EPSS
Exploits 0 | References 6

CVE
added 2026/01/21 5:27 p.m. | 9 views

CVE-2021-47848

CVE-2021-47848 concerns Blitar Tourism 1.0, where an authentication bypass is caused by SQL injection through the username parameter, enabling attackers to bypass login and gain unauthorized administrative access. The available documents describe the vulnerability mechanism and impact (auth bypas...

8.8 CVSS | 5.9 AI score | 0.00352 EPSS
Exploits 0 | References 3

CNNVD
added 2026/01/21 12:0 a.m. | 3 views

Application-Biro-Travel SQL Injection Vulnerability

Aplikasi-Biro-Travel is a travel information application personally developed by Satria Arissandy. Version 1.0 of Aplikasi-Biro-Travel has a SQL injection vulnerability. This vulnerability arises due to the use of a username parameter, which can lead to authentication bypass...

8.8 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits 0 | References 4

GithubExploit
added 2026/01/20 11:31 a.m. | 182 views

security-antipatterns-java

Security Anti-Patterns for Java AI coding agents write insecu...

6.1 AI score
Exploits 0