
2820 matches found

Positive Technologies
added 2026/01/08 12:00 a.m., 7 views

PT-2026-1975

Name of the Vulnerable Software and Affected Versions: code-projects Intern Membership Management System version 1.0
Description: A flaw exists in code-projects Intern Membership Management System 1.0 where manipulation of the Username argument in the file '/intern/admin/add admin.php' can lead to ...

CVSS: 5.8, AI score: 5.1, EPSS: 0.00314
Exploits: 1, References: 10

OSV
added 2026/01/07 6:18 p.m., 4 views

CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...

CVSS: 7.2, AI score: 8, EPSS: 0.00338
Exploits: 1, References: 4

RedhatCVE
added 2026/01/07 9:26 a.m., 6 views

CVE-2019-12850

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02079
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:18 a.m., 2 views

CVE-2025-14153

The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00242
Exploits: 0, References: 1

RedhatCVE
added 2026/01/06 12:19 a.m., 5 views

CVE-2025-15447

A vulnerability has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. This affects an unknown function of the file /assetsGroupReport/assetsService.j%73p. The manipulation of the argument unitCode leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00035
Exploits: 0, References: 1

Positive Technologies
added 2026/01/06 12:00 a.m., 5 views

PT-2026-1400

Name of the Vulnerable Software and Affected Versions: CBX Bookmark & Favorite plugin for WordPress versions through 2.0.4
Description: The software contains a SQL Injection flaw due to inadequate input sanitization of the orderby parameter. This allows authenticated attackers with Subscriber-level...

CVSS: 6.5, AI score: 7.1, EPSS: 0.01077
Exploits: 0, References: 6

NVD
added 2026/01/05 10:15 a.m., 6 views

CVE-2026-0584

A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/leftcart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS: 9.8, EPSS: 0.00315
Exploits: 1, References: 6

OSV
added 2026/01/05 9:15 a.m., 3 views

CVE-2026-0582

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editactivityquery.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 5

OSV
added 2026/01/05 9:15 a.m., 3 views

CVE-2025-15239

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS: 6.5, AI score: 6, EPSS: 0.00272
Exploits: 0, References: 2

Vulnrichment
added 2026/01/05 8:10 a.m., 3 views

CVE-2025-15239 Quanta Computer|QOCA aim AI Medical Cloud Platform - SQL Injection

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS: 7.1, AI score: 7.7, EPSS: 0.00272
Exploits: 0, References: 2

Vulnrichment
added 2026/01/05 8:00 a.m., 4 views

CVE-2025-15238 Quanta Computer|QOCA aim AI Medical Cloud Platform - SQL Injection

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS: 7.1, AI score: 7.7, EPSS: 0.00278
Exploits: 0, References: 2

RedhatCVE
added 2026/01/03 8:08 a.m., 5 views

CVE-2025-15436

A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/workedit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may b...

CVSS: 9.8, AI score: 7, EPSS: 0.00412
Exploits: 1, References: 1

RedhatCVE
added 2026/01/02 6:37 p.m., 7 views

CVE-2025-55065

CWE-89 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00246
Exploits: 0, References: 1

CVE
added 2026/01/02 6:32 p.m., 13 views

CVE-2026-0569

The CVE-2026-0569 entry concerns code-projects Online Music Site 1.0. Affected component: /Frontend/AlbumByCategory.php, where manipulation of the ID argument enables SQL injection. This vulnerability can be exploited remotely and, per the sources, the exploit has been disclosed publicly. Connect...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00326
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2026/01/02 12:00 a.m., 8 views

CVE-2025-65125

CVE-2025-65125 affects gosaliajainam/online-movie-booking version 5.5, where a SQL injection in movie_details.php can disclose sensitive information. The vulnerability is labeled as high-severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9.8). Exploitation is network-based with n...

CVSS: 9.8, AI score: 7.6, EPSS: 0.00319
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2026/01/01 12:00 a.m., 5 views

PT-2026-1003

Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0
Description: A security flaw exists in itsourcecode School Management System 1.0. The issue affects an unknown part of the file /student/index.php. Manipulation of the ID argument can lead to SQ...

CVSS: 9.8, AI score: 7, EPSS: 0.00333
Exploits: 1, References: 12

Cvelist
added 2025/12/31 6:02 p.m., 24 views

CVE-2025-15392 Kohana KodiCMS Search API Endpoint page.php like sql injection

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...

CVSS: 6.5, EPSS: 0.00247
Exploits: 0, References: 3

Patchstack
added 2025/12/31 12:00 a.m., 5 views

WordPress Community Events plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions <= 1.5.1...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00458
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/12/30 10:41 p.m., 24 views

CVE-2023-54163 NLB mKlik Macedonia 3.3.12 SQL Injection via International Transfer Parameters

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

CVSS: 8.8, EPSS: 0.00295
Exploits: 1, References: 5

NVD
added 2025/12/30 8:15 p.m., 4 views

CVE-2025-15353

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function editadminquery of the file /admin/editadminquery.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVSS: 9.8, EPSS: 0.00333
Exploits: 1, References: 5