8123 matches found
CVE-2025-69365 WordPress Uroan Core plugin <= 1.4.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Uroan Core uroan-core allows Blind SQL Injection.This issue affects Uroan Core: from n/a through = 1.4.4...
CVE-2025-69309
CVE-2025-69309 affects WordPress plugin Saasplate Core (saasplate-core) up to and including version 1.2.8, due to improper neutralization of special elements in SQL queries, enabling Blind SQL Injection. Affected versions range from n/a through 1.2.8; Red Hat and CVE listings corroborate this sco...
CVE-2025-69309 WordPress Saasplate Core plugin <= 1.2.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Saasplate Core saasplate-core allows Blind SQL Injection.This issue affects Saasplate Core: from n/a through = 1.2.8...
CVE-2025-69307
CVE-2025-69307 describes a Blind SQL Injection in the WordPress plugin Medinik Core (TeconceTheme Medinik Core) up to and including version 1.3.6. Multiple sources (NVD, Red Hat, CVE listings, Patchstack, and vuln databases) concur on the affected product and the SQLi class issue, with a CVSS v3....
CVE-2026-25378
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...
CVE-2025-10970
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-2822
A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airagapp,1,createby of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection. The attack can be...
CVE-2026-26990
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...
CVE-2026-2820
A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be...
CVE-2025-12812
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1...
Part-DB SQL注入漏洞
Part-DB is an open-source web-based database designed for managing electronic components. Version 0.4 of Part-DB contains a SQL injection vulnerability. This vulnerability stems from SQL injection attacks on authentication parameters, which could allow unverified attackers to bypass authenticatio...
WordPress plugin Allmart SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-21137
Name of the Vulnerable Software and Affected Versions TeconceTheme Woodly Core versions through 1.4 Description A flaw exists in TeconceTheme Woodly Core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially all...
WordPress plugin Coven Core SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...
PT-2026-21009
Name of the Vulnerable Software and Affected Versions Talentics versions through 20022026 Description A flaw exists in Talentics that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. The vendor was contacted regarding this issue but did not...
WordPress plugin JS Help Desk 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Yinda Yunchuang Smart Integrated Management Platform System SQL注入漏洞
Yinda Yunchuang Smart Integrated Management Platform System is a smart management system developed by Yinda Yunchuang. Versions of the Yinda Yunchuang Smart Integrated Management Platform System prior to 7.5 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect...
PT-2026-20991
Name of the Vulnerable Software and Affected Versions Fujian Smart Integrated Management Platform System versions up to 7.5 Description A security flaw exists in Fujian Smart Integrated Management Platform System up to version 7.5. The issue involves improper processing of files, specifically...
PT-2026-21147
Name of the Vulnerable Software and Affected Versions TeconceTheme Uroan Core versions through 1.4.4 Description A flaw exists in TeconceTheme Uroan Core that allows for Blind SQL Injection. This is due to improper neutralization of special elements used in an SQL command. Recommendations Update...
PT-2026-21136
Name of the Vulnerable Software and Affected Versions TeconceTheme Saasplate Core versions through 1.2.8 Description A flaw exists in TeconceTheme Saasplate Core saasplate-core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issu...