PT-2026-21132

Name of the Vulnerable Software and Affected Versions TeconceTheme Crete Core versions through 1.4.3 Description A flaw exists in TeconceTheme Crete Core crete-core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could...

PT-2026-21133

Name of the Vulnerable Software and Affected Versions TeconceTheme Electio Core versions through 1.4 Description The software contains a flaw due to improper neutralization of special elements used in an SQL command, leading to a Blind SQL Injection condition. This allows for potential unauthoriz...

CVE-2026-2435

Tanium addressed a SQL injection vulnerability in Asset...

CVE-2026-1581

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2025-9953

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted early about this...

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

CVE-2026-25378

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

CVE-2026-25378

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...

CVE-2026-2706

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysisnot.php. This manipulation of the argument compid causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-2706 code-projects Patient Record Management System fecalysis_not.php sql injection

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysisnot.php. This manipulation of the argument compid causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2025-12707 Library Management System <= 3.2.1 - Unauthenticated SQL Injection

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

CVE-2026-2690 itsourcecode Event Management System Admin Login ajax.php sql injection

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...

PT-2026-20645

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis not.php. This manipulation of the argument comp id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

PT-2026-20901

Name of the Vulnerable Software and Affected Versions Delinea Cloud Suite versions prior to 25.2 HF1 Description An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability exists in Delinea Cloud Suite, allowing argument injection. The issue affects the...

PT-2026-20717

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...

PT-2026-20865

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin versions prior to 2.4.15 Description The wpForo Forum plugin for WordPress is susceptible to time-based SQL Injection through the wpfob parameter. Insufficient escaping of user-supplied input and inadequate SQL query...

FileFlows 安全漏洞

FileFlows is an open-source, self-hosted file processing system developed by FileFlows. Versions of FileFlows prior to 25.05.2 contained security vulnerabilities. These vulnerabilities stemmed from the SQL injection vulnerability in the library file search function, which could lead to privilege...

PT-2026-20561

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. The issue is located in the /admin/manage booking.php file, within an unknown function. Manipulation...

itsourcecode Event Management System SQL注入漏洞

itsourcecode Event Management System is an open-source event management system developed by itsourcecode. Version 1.0 of the itsourcecode Event Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the...