
2784 matches found

ATTACKERKB
added 2026/02/20 2:2 a.m. | 2 views

CVE-2026-2820

A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be...

CVSS 7.5 | AI score 5.5 | EPSS 0.00344
Exploits 0 | References 5 | Affected Software 1

RedhatCVE
added 2026/02/20 1:22 a.m. | 6 views

CVE-2025-12812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1...

CVSS 5.3 | AI score 5.8 | EPSS 0.00265
Exploits 0 | References 1

CNNVD
added 2026/02/20 12:0 a.m. | 4 views

WordPress plugin Allmart SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 9.3 | AI score 5.9 | EPSS 0.00389
Exploits 0 | References 1

Positive Technologies
added 2026/02/20 12:0 a.m. | 5 views

PT-2026-20991

Name of the Vulnerable Software and Affected Versions: Fujian Smart Integrated Management Platform System versions up to 7.5. Description: A security flaw exists in Fujian Smart Integrated Management Platform System up to version 7.5. The issue involves improper processing of files, specifically...

CVSS 7.5 | AI score 7.3 | EPSS 0.00344
Exploits 0 | References 9

Positive Technologies
added 2026/02/20 12:0 a.m. | 3 views

PT-2026-21132

Name of the Vulnerable Software and Affected Versions: TeconceTheme Crete Core versions through 1.4.3. Description: A flaw exists in TeconceTheme Crete Core crete-core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could...

AI score 5.7 | EPSS 0.00372
Exploits 0 | References 3

CNNVD
added 2026/02/20 12:0 a.m. | 5 views

WordPress plugin JS Help Desk security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.5 | AI score 5.8 | EPSS 0.00217
Exploits 0 | References 1

ATTACKERKB
added 2026/02/19 11:9 p.m. | 3 views

CVE-2026-2435

Tanium addressed a SQL injection vulnerability in Asset...

CVSS 6.3 | AI score 5.8 | EPSS 0.00241
Exploits 0 | References 2 | Affected Software 1

NVD
added 2026/02/19 12:16 p.m. | 7 views

CVE-2025-9953

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted early about this...

CVSS 9.8 | EPSS 0.0035
Exploits 0 | References 2

Cvelist
added 2026/02/19 8:27 a.m. | 31 views

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2.21.10...

CVSS 7.6 | EPSS 0.00276
Exploits 0 | References 1

ATTACKERKB
added 2026/02/19 8:27 a.m. | 4 views

CVE-2026-25378

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.4...

AI score 5.8 | EPSS 0.00361
Exploits 0 | References 2

NVD
added 2026/02/19 7:17 a.m. | 5 views

CVE-2026-2706

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysisnot.php. This manipulation of the argument compid causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 7.5 | EPSS 0.00363
Exploits 1 | References 5

Cvelist
added 2026/02/19 3:25 a.m. | 28 views

CVE-2025-12707 Library Management System <= 3.2.1 - Unauthenticated SQL Injection

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVSS 7.5 | EPSS 0.00446
Exploits 0 | References 3

Positive Technologies
added 2026/02/19 12:0 a.m. | 4 views

PT-2026-20717

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.4...

AI score 5.8 | EPSS 0.00361
Exploits 0 | References 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 4 views

PT-2026-20645

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysisnot.php. This manipulation of the argument compid causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 6.5 | AI score 5.5 | EPSS 0.00363
Exploits 1 | References 5

Positive Technologies
added 2026/02/19 12:0 a.m. | 7 views

PT-2026-20901

Name of the Vulnerable Software and Affected Versions: Delinea Cloud Suite versions prior to 25.2 HF1. Description: An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability exists in Delinea Cloud Suite, allowing argument injection. The issue affects the...

CVSS 9.3 | AI score 5.5 | EPSS 0.00211
Exploits 0 | References 5

CNNVD
added 2026/02/19 12:0 a.m. | 5 views

FileFlows security vulnerability

FileFlows is an open-source, self-hosted file processing system developed by FileFlows. Versions of FileFlows prior to 25.05.2 contained security vulnerabilities. These vulnerabilities stemmed from the SQL injection vulnerability in the library file search function, which could lead to privilege...

CVSS 7.6 | AI score 5.9 | EPSS 0.0019
Exploits 0 | References 2

CVE
added 2026/02/18 10:10 p.m. | 10 views

CVE-2025-12812

CVE-2025-12812 describes an SQL Injection vulnerability in Delinea Cloud Suite and Privileged Access Service caused by improper neutralization of special elements in SQL commands. Multiple sources confirm the issue and its remediation: Cloud Suite is fixed in version 25.1. Affected component(s) a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00265
Exploits 0 | References 2

RedhatCVE
added 2026/02/18 1:28 p.m. | 4 views

CVE-2025-7631

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection. This issue affects Tumeva Prime News Software:...

CVSS 8.6 | AI score 5.8 | EPSS 0.00272
Exploits 0 | References 1

CVE
added 2026/02/18 5:29 a.m. | 13 views

CVE-2026-1639

The Taskbuilder WordPress plugin (Taskbuilder – WordPress Project Management & Task Management) is affected by a time-based blind SQL Injection in all versions up to 5.0.2, via the parameters after parsing used in the plugin’s queries (notably order and sort_by). Root cause per sources: insuffici...

CVSS 6.5 | AI score 5.9 | EPSS 0.00318
Exploits 0 | References 4

CNNVD
added 2026/02/18 12:0 a.m. | 6 views

XHan Admin SQL injection vulnerability

XHan Admin is a management system developed by Alixhan’s individual developers. Versions of XHan Admin prior to 1.7.0 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in files/frontend-api/system-service/api/system/role/query, specifically...

CVSS 6.5 | AI score 6.7 | EPSS 0.00233
Exploits 0 | References 3