8123 matches found
CVE-2026-2094 Flowring|Docpedia - SQL Injection
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2026-0488
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
CVE-2026-0488
CVE-2026-0488 affects SAP CRM and SAP S/4HANA (Scripting Editor) via a flaw in a generic function module call that an authenticated attacker can abuse to execute an arbitrary SQL statement. This can lead to full database compromise with high impact to confidentiality, integrity, and availability....
CVE-2026-2195
A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out...
CVE-2026-2196
A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument testid results in sql injection. The attack may be performed from remote. The...
PT-2026-7418
Name of the Vulnerable Software and Affected Versions EverShop versions prior to 2.1.1 Description EverShop is a TypeScript-first eCommerce platform susceptible to a second-order SQL injection. During category update and deletion event handling, the application incorporates values from the url...
Flowring Docpedia SQL注入漏洞
Flowring Docpedia is a document management system developed by Flowring Corporation. Flowring Docpedia has a SQL injection vulnerability. This vulnerability allows authenticated remote attackers to inject arbitrary SQL commands, potentially leading to the reading, modification, or deletion of...
GHSA-FXP3-G6GW-4R4V Craft CMS: GraphQL Asset Mutation Privilege Escalation
There is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their privileges and modify/transfer assets belonging to any other volume, including restricted or private volumes to which they should not...
Server-side Request Forgery (SSRF)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the saveAsset mutation in GraphQL when alternative IP notations are used in the URL parameter. An attacker can access internal cloud metadata services by...
CVE-2026-25497 Craft has a GraphQL Asset Mutation Privilege Escalation
Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their...
CVE-2026-25493 Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypa...
CVE-2026-25493 Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypa...
CVE-2026-25492
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...
CVE-2026-2225
CVE-2026-2225 affects itsourcecode News Portal Project 1.0. The vulnerability resides in the Administrator Login component, specifically the file /admin/index.php, where manipulating the email argument enables a SQL injection. The issue can be exploited remotely, and the exploit has been publishe...
CVE-2026-2236 HGiga|C&Cm@il - SQL Injection
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2220 code-projects Online Reviewer System btn_functions.php sql injection
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...
CVE-2026-2211
CVE-2026-2211 (code-projects Online Music Site 1.0) : The vulnerability is in the unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. A manipulation of the argument ID can trigger a SQL injection , with the attack executable remotely. Public disclosure of the exploit is noted...
CVE-2026-2117
A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/editactivity.php. Performing a manipulation of the argument activityid results in sql injection. The attack can be initiated remotely. The exploit has been made...
CVE-2026-2199
A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated...
CVE-2026-2195
A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out...