WeGIA SQL注入漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions 3.6.5 and 3.6.6 of WeGIA contain SQL injection vulnerabilities. These vulnerabilities stem from a lack of content validation during the loading of SQL files by the loadBackupDB...

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan OpenSource. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the/api/search/fullTextSearchBlock endpoint, which could allow...

PT-2026-26563

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin edit employee.php. Executing a manipulation of the argument First Name can lead to sql injection. It is possible to launch the attack remotely. The exploit...

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection in the getAllCategories function via the doNotShowCats parameter due to insufficient sanitization, where only single quotes are stripped but...

BasicSQLiScanner

No d...

EUVD-2026-13093

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

PT-2026-26283

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

WordPress plugin Profile Builder Pro SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-26250

🔴 CVE-2026-27413 - Critical Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile ... https://t.co/OrD4pUzaav https://t.co/t4vSMOeqXj...

EUVD-2025-208838

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

EUVD-2025-208836

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied input from the $REQUEST'query' parameter without sanitization or parameterization, which allows an attacker to execute arbitrary SQL commands and compromise the database...

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

Microsoft Dynamics 365 Customer Engagement 安全漏洞

Microsoft Dynamics 365 Customer Engagement is an enterprise-level application system developed by Microsoft for customer relationship management and business process automation. Version 1612.2.3034 of Microsoft Dynamics 365 Customer Engagement contains a security vulnerability. This vulnerability...

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

Unspecified vulnerability in AnythingLLM (CNVD-2026-17191)

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from two common system preferences endpoints that allow administrator role access, which can be exploited by an attacker to cause the administrator to read plaintext...

Kanboard SQL注入漏洞

Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.51 contained a SQL injection vulnerability. This vulnerability could lead to the exposure of databas...

Cockpit SQL注入漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.4 and earlier had a SQL injection vulnerability. This vulnerability originated from the SQL injection vulnerability present in the MongoLite aggregate optimizer, which could allow...

CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...