CVE-2026-29073

Technical details about CVE-2026-29073 are not provided in the connected documents. The SUSE/OSV entries reference the CVE within a broader vulndb update but do not describe affected products, versions, or exploit specifics. Monitor for updates.

CVE-2026-29073 SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0...

CVE-2026-28785

Ghostfolio prior to version 2.244.0 is vulnerable to arbitrary SQL execution via the getHistorical() method due to symbol validation bypass, potentially allowing read/modify/delete of sensitive financial data for all users. Affected software: Ghostfolio open source wealth management. Root cause: ...

EUVD-2026-9978

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew MySQL, PostgreSQL. This allows...

Webiness Inventory SQL注入漏洞

Webiness Inventory is a web-based inventory management system developed by the individual developer of Webiness. Version 2.3 of Webiness Inventory has a SQL injection vulnerability. This vulnerability stems from an issue with the order parameter, which allows for SQL injections, potentially...

PT-2026-23685

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

Tina4 Stack SQL注入漏洞

Tina4 Stack is a collection of full-stack development frameworks provided by Tina4 Corporation. Version 1.0.3 of Tina4 Stack contains an SQL injection vulnerability. This vulnerability stems from allowing direct access to database files and SQL injections, which may enable unverified attackers to...

Data Center Audit SQL注入漏洞

Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...

Jeson Customer Relationship Management System SQL注入漏洞

Jeson Customer Relationship Management System is a lightweight customer relationship management system developed by DefaultFunction’s individual developer. Version 1.0.0 of Jeson Customer Relationship Management System has a SQL injection vulnerability. This vulnerability arises from incorrect...

EUVD-2026-9647

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection.This issue affects Eagle Booking: from n/a through = 1.3.4.3...

CVE-2026-28115

CVE-2026-28115 is described as an SQL Injection in the WordPress plugin WP Attractive Donations System – Easy Stripe & Paypal donations (WP_AttractiveDonationsSystem) affecting versions up to 1.25. The issue is labeled as an improper neutralization of special elements in SQL commands, enabling bl...

CVE-2026-27373 WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection.This issue affects Tablesome: from n/a through = 1.2.3...

CVE-2025-69338 WordPress Riode Core plugin <= 1.6.26 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection.This issue affects Riode Core: from n/a through = 1.6.26...

PT-2026-23268

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection.This issue affects Eagle Booking: from n/a through = 1.3.4.3...

FreePBX SQL注入漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 16.0.49 and 17.0.7 have a SQL injection vulnerability, which stems from SQL query injections in the Call Data...

CVE-2026-20002

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...

CVE-2019-25504

NCrypted Jobgator contains an SQL injection vulnerability in the Find-Jobs endpoint. The vulnerability is triggered via the experience parameter, allowing unauthenticated attackers to manipulate database queries and extract sensitive data. An attacker can send crafted POST requests to the agents ...

Vulnerability fixed in n8n Automation Platform

N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...

CVE-2023-7337 JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...

CVE-2025-70821

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...