CVE-2025-36588

Dell Unisphere for PowerMax, versions 10.2.0.x, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

PT-2026-3971

Name of the Vulnerable Software and Affected Versions kamleshyadav WP Lead Capturing Pages versions through 2.5 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a SQL Injection issue. This allows for Blind SQL Injection. T...

WordPress plugin WP Lead Capturing has a SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Aida Hotel Guest Hotspot security vulnerability

Aida Hotel Guest Hotspot is a hotel WiFi system developed by the Turkish company Aida. Versions of Aida Hotel Guest Hotspot prior to 22012026 contained a security vulnerability caused by improper handling of special elements, which could lead to SQL injection attacks...

WordPress plugin Happy Addons for Elementor SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-4259

Name of the Vulnerable Software and Affected Versions shinetheme Traveler versions prior to 3.2.8 Description An issue exists in shinetheme Traveler that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows an attacker to potentiall...

WordPress plugin Traveler SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2021-47853

...

CVE-2021-47846

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password...

Exploit for SQL Injection in Progress Moveit_Cloud

MOVEit Transfer 2023 Mass Data Breach Overview This reposi...

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

PT-2026-3801

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative...

WordPress Koko Analytics plugin <= 2.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hector Ruiz Ruiz in WordPress Plugin Koko Analytics versions = 2.1.2...

Abacre Retail Point of Sale security vulnerability

Abacre Retail Point of Sale is a new generation retail management software developed by the Canadian company Abacre. Version 14.0.0.396 of Abacre Retail Point of Sale contains a security vulnerability, which stems from a content-based blind SQL injection vulnerability in the order search function...

CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...