PT-2026-1289
Name of the Vulnerable Software and Affected Versions: Centreon Infra Monitoring versions 24.04.0 through 24.04.3; Centreon Infra Monitoring versions 24.10.0 through 24.10.3; Centreon Infra Monitoring versions 25.10.0 through 25.10.2. Description: A flaw exists in Centreon Infra Monitoring Awie export...
EUVD-2026-0778
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...
PT-2026-1199
Name of the Vulnerable Software and Affected Versions: Seeyon Zhiyuan OA Web Application System versions prior to 20251224. Description: A flaw exists in Seeyon Zhiyuan OA Web Application System. The issue involves the manipulation of the unitCode argument within an unknown function of the file...
PT-2026-3063
Name of the Vulnerable Software and Affected Versions: GLPI versions 11.0.0 through 11.0.2. Description: An unauthenticated user can execute SQL injection attacks through the inventory endpoint. The issue affects GLPI versions 11.0.0 through 11.0.2. The vulnerable endpoint is /inventory. The attack...
CVE-2025-15407
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...
CVE-2025-59389 Hyper Data Protector
An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later...
CVE-2025-59389
CVE-2025-59389 affects Hyper Data Protector. A SQL injection vulnerability allows remote attackers to run unauthorized commands or code. Public descriptions consistently cite that versions prior to 2.2.4.1 are affected, with a fix released in 2.2.4.1 and later. Multiple connected sources corrobor...
CVE-2026-0546 code-projects Content Management System search.php sql injection
A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may ...
CVE-2025-15435 Yonyou KSOA work_update.jsp sql injection
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...
CVE-2025-15434
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early...
CVE-2025-15421 Yonyou KSOA HTTP GET Parameter agent_worksadd.jsp sql injection
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agentworksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now publ...
PT-2026-1099
Name of the Vulnerable Software and Affected Versions: MARS Multi-Application Recovery Service versions prior to 1.2.1.1686. Description: An SQL injection issue affects MARS Multi-Application Recovery Service. Successful exploitation could allow remote attackers to execute unauthorized code or...
EUVD-2026-0005
CWE-89 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...
EUVD-2026-0009
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...
CVE-2025-28949 WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...
PT-2025-54443
Name of the Vulnerable Software and Affected Versions: Codedraft Mediabay - WordPress Media Library Folders versions through 1.4. Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command issue, specifically a Blind SQL Injection. This allows for...
WordPress B1.lt for WooCommerce plugin <= 2.2.56 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin B1.lt for WooCommerce versions <= 2.2.56...
WordPress Outdoor plugin <= 1.3.2 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by John Lee in WordPress Theme Outdoor versions <= 1.3.2...
CVE-2025-15354
The CVE-2025-15354 vulnerability affects itsourcecode Society Management System 1.0. The flaw exists in the /admin/add_admin.php file, where manipulation of the Username parameter can lead to SQL injection. Attacks can be launched remotely over the network, and exploits have been published and ma...
CVE-2025-15186
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been...