EUVD-2019-19401

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

CVE-2026-2057

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

OESA-2026-1309 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

CVE-2026-21643

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

EUVD-2026-5689

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

EUVD-2026-5659

A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public...

CVE-2026-21643

Fortinet FortiClient EMS 7.4.4 and earlier are affected by an unauthenticated SQL injection vulnerability described in the connected Nuclei template for CVE-2026-21643. The vulnerability resides in the /api/v1/init_consts endpoint, where the HTTP header value in the Site header is passed directly...

EUVD-2026-5681

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVE-2025-1823

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

PT-2026-6710

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System that allows for SQL injection. Manipulation of the ID argument in the file /ramonsys/soa/index.php can lead to unauthorized...

PT-2026-6822

Name of the Vulnerable Software and Affected Versions eLection version 2.0 Description The software contains an authenticated SQL injection issue in the candidate management endpoint. Attackers can manipulate database queries through the id parameter. Exploitation can be performed using SQLMap,...

Project 1 - Globitek CMS SQL注入漏洞

Project 1 – Globitek CMS is a cybersecurity course developed by Jason Shen. Version 1.04 of Project 1 – Globitek CMS contains an SQL injection vulnerability. This vulnerability stems from the SQL injection present in the id GET parameter, which may allow attackers to extract or manipulate databas...

SQL Injection

Overview @payloadcms/db-sqlite is a The officially supported SQLite database adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by...

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13379 A SQL Injection vulnerability has been addressed in IBM Aspera Console

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

EUVD-2026-5535

A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue...

CVE-2025-1823

IBM Jazz Reporting Service (Lifecycle Query Engine) contains CVE-2025-1823: an authenticated user with host-network access can trigger a denial of service by sending a specially crafted SQL query that consumes excessive memory. Affected versions are IBM Jazz Reporting Service 7.1 and 7.0.3 (7.1iF...

CVE-2025-1823 IBM Jazz Reporting Service Denial of Service

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

EUVD-2026-5360

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...