
2784 matches found

NVD
added 2026/02/24 2:16 p.m., 7 views

CVE-2026-23980

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 6.5 | EPSS 0.00503
Exploits: 2 | References: 2
OSV
added 2026/02/24 12:16 a.m., 1 view

CVE-2026-3042

A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public a...

CVSS 9.8 | AI score 5.8 | EPSS 0.00425
Exploits: 1 | References: 5
CNNVD
added 2026/02/24 12:00 a.m., 4 views

New API security vulnerability

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.10.8-alpha.10 contained a security vulnerability. This vulnerability stems from SQL LIKE wildcard injections in the /api/token/search endpoint, which could lead to denial-of-service attacks through...

CVSS 7.1 | AI score 5.9 | EPSS 0.00499
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/24 12:00 a.m., 8 views

PT-2026-21799

Name of the Vulnerable Software and Affected Versions: InSAT MasterSCADA BUK-TS (affected versions not specified). Description: The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...

CVSS 9.8 | AI score 5.8 | EPSS 0.00538
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/24 12:00 a.m., 8 views

PT-2026-21810

Name of the Vulnerable Software and Affected Versions: itsourcecode Document Management System version 1.0. Description: A SQL injection issue exists due to the improper handling of the Username argument within the /loging.php component of the Login functionality. This allows for remote exploitation...

CVSS 9.8 | AI score 7 | EPSS 0.00393
Exploits: 1 | References: 12
Joomla! Vulnerable Extensions List
added 2026/02/24 12:00 a.m., 11 views

EasyDiscuss by Stackideas,, , SQL Injection

EasyDiscuss by Stackideas,, , SQL Injection...

AI score 5.9
Exploits: 0 | Affected Software: 1
NVD
added 2026/02/23 8:16 a.m., 9 views

CVE-2026-1367

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

CVSS 8.3 | EPSS 0.0787
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/23 6:54 a.m., 5 views

CVE-2026-1367

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

CVSS 8.3 | AI score 5.7 | EPSS 0.0787
Exploits: 0 | References: 2
NVD
added 2026/02/22 2:16 p.m., 7 views

CVE-2019-25391

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functio...

CVSS 8.8 | EPSS 0.00263
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/22 1:34 p.m., 4 views

CVE-2019-25439

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | AI score 6.4 | EPSS 0.0026
Exploits: 0 | References: 2
CNNVD
added 2026/02/22 12:00 a.m., 7 views

Web Ofisi E-Ticaret SQL injection vulnerability

Web Ofisi E-Ticaret is an e-commerce system developed by the Turkish company Web Ofisi. The Web Ofisi E-Ticaret v3 version has a SQL injection vulnerability, which stems from insufficient input validation for the ‘a’ parameter. This vulnerability may lead to SQL injection attacks...

CVSS 8.8 | AI score 5.8 | EPSS 0.00397
Exploits: 1 | References: 4
RedhatCVE
added 2026/02/21 7:31 p.m., 6 views

CVE-2025-69308

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection. This issue affects Nestbyte Core: from n/a through = 1.2...

CVSS 9.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/21 7:30 p.m., 5 views

CVE-2025-69337

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection. This issue affects Wolmart Core: from n/a through = 1.9.6...

CVSS 9.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/21 7:30 p.m., 5 views

CVE-2025-67987

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through = 10.3.1...

CVSS 8.5 | AI score 5.8 | EPSS 0.00264
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/21 1:30 a.m., 4 views

CVE-2026-2435

Tanium addressed a SQL injection vulnerability in Asset...

CVSS 8.8 | AI score 5.7 | EPSS 0.00241
Exploits: 0 | References: 1
CNNVD
added 2026/02/21 12:00 a.m., 6 views

itsourcecode Vehicle Management System SQL injection vulnerability

itsourcecode Vehicle Management System is an open-source vehicle management system developed by itsourcecode. Version 1.0 of the itsourcecode Vehicle Management System has a SQL injection vulnerability. This vulnerability arises from the handling of parameter IDs in the /billaction.php file, whic...

CVSS 9.8 | AI score 7.2 | EPSS 0.00306
Exploits: 0 | References: 5
CVE
added 2026/02/20 3:46 p.m., 7 views

CVE-2025-69309

CVE-2025-69309 affects WordPress plugin Saasplate Core (saasplate-core) up to and including version 1.2.8, due to improper neutralization of special elements in SQL queries, enabling Blind SQL Injection. Affected versions range from n/a through 1.2.8; Red Hat and CVE listings corroborate this sco...

CVSS 9.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1
Cvelist
added 2026/02/20 3:46 p.m., 22 views

CVE-2025-69309 WordPress Saasplate Core plugin <= 1.2.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Saasplate Core saasplate-core allows Blind SQL Injection. This issue affects Saasplate Core: from n/a through = 1.2.8...

CVSS 9.3 | EPSS 0.00283
Exploits: 0 | References: 1
CVE
added 2026/02/20 3:46 p.m., 7 views

CVE-2025-69307

CVE-2025-69307 describes a Blind SQL Injection in the WordPress plugin Medinik Core (TeconceTheme Medinik Core) up to and including version 1.3.6. Multiple sources (NVD, Red Hat, CVE listings, Patchstack, and vuln databases) concur on the affected product and the SQLi class issue, with a CVSS v3....

CVSS 9.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1
NVD
added 2026/02/20 2:16 a.m., 7 views

CVE-2026-26990

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...

CVSS 8.8 | EPSS 0.04054
Exploits: 1 | References: 3