Delinea Cloud Suite 安全漏洞

Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Versions of Delinea Cloud Suite prior to 25.2 HF1 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements within SQL...

NesterSoft WorkTime 安全漏洞

NesterSoft WorkTime is a project tracking software developed by the Canadian company NesterSoft. NesterSoft WorkTime has a security vulnerability, which stems from an SQL injection vulnerability in the widget API endpoint. This vulnerability could lead to data leaks or the execution of arbitrary...

PT-2026-20957

Tanium addressed a SQL injection vulnerability in Asset...

CVE-2025-12812

CVE-2025-12812 describes an SQL Injection vulnerability in Delinea Cloud Suite and Privileged Access Service caused by improper neutralization of special elements in SQL commands. Multiple sources confirm the issue and its remediation: Cloud Suite is fixed in version 25.1. Affected component(s) a...

CVE-2025-7631

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection.This issue affects Tumeva Prime News Software:...

CVE-2026-1639

The Taskbuilder WordPress plugin (Taskbuilder – WordPress Project Management & Task Management) is affected by a time-based blind SQL Injection in all versions up to 5.0.2, via the parameters after parsing used in the plugin’s queries (notably order and sort_by). Root cause per sources: insuffici...

Delinea Cloud Suite 安全漏洞

Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Delinea Cloud Suite has a security vulnerability that stems from improper handling of special elements within SQL commands, which may lead to SQL injection attacks...

XHan Admin SQL注入漏洞

XHan Admin is a management system developed by Alixhan’s individual developers. Versions of XHan Admin prior to 1.7.0 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in files/frontend-api/system-service/api/system/role/query, specifically...

PT-2026-20389

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

CVE-2025-7631

CVE-2025-7631 affects Tumeva News Software (Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co.) through version 17022026. The issue is improper neutralization of special elements used in SQL commands (SQL Injection). CVSS 3.1: AV:N/AC:L/PR:N/UI:N/...

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

CVE-2025-67102

The vulnerability described (CVE-2025-67102) affects Jorani up to version 1.0.4, specifically the alldayoffs feature. It is a SQL injection flaw exploitable by an authenticated attacker via the entity parameter, enabling arbitrary SQL execution. The provided documents do not specify affected envi...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

PT-2026-20339

Name of the Vulnerable Software and Affected Versions Sciyon Koyuan Thermoelectricity Heat Network Management System version 3.0 Description A security issue exists in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. The manipulation of the PGUID argument in the file...

PT-2026-8401

Name of the Vulnerable Software and Affected Versions Tumeva News Software versions through 17022026 Description The software contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential data exposure through attacks. The vend...

BIT-GITLAB-2025-14592 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

CVE-2026-2024

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability

Authenticated Administrator+ SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions = 1.19.2...

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the term parameter in SQL LIKE clauses within the global search functionality, which allows an attacker to inject malicious SQL queries and extract sensitive data through time-based...