Lucene search

8141 matches found

Cvelist
added 2026/01/22 1:6 a.m., 22 views

CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

CVSS 8.6, EPSS 0.0004
Exploits: 0, References: 1

Positive Technologies
added 2026/01/22 12:0 a.m., 2 views

PT-2026-3971

Name of the Vulnerable Software and Affected Versions kamleshyadav WP Lead Capturing Pages versions through 2.5 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a SQL Injection issue. This allows for Blind SQL Injection. T...

AI score 5.7, EPSS 0.00019
Exploits: 0, References: 3

CNNVD
added 2026/01/22 12:0 a.m., 4 views

WordPress plugin WP Lead Capturing has a SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 9.3, AI score 5.9, EPSS 0.00058
Exploits: 0, References: 1

CNNVD
added 2026/01/22 12:0 a.m., 2 views

Aida Hotel Guest Hotspot security vulnerability

Aida Hotel Guest Hotspot is a hotel WiFi system developed by the Turkish company Aida. Versions of Aida Hotel Guest Hotspot prior to 22012026 contained a security vulnerability caused by improper handling of special elements, which could lead to SQL injection attacks...

CVSS 8.8, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 1

CNNVD
added 2026/01/22 12:0 a.m., 2 views

WordPress plugin Happy Addons for Elementor SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.5, AI score 5.8, EPSS 0.00057
Exploits: 2, References: 1

Positive Technologies
added 2026/01/22 12:0 a.m., 4 views

PT-2026-4259

Name of the Vulnerable Software and Affected Versions shinetheme Traveler versions prior to 3.2.8 Description An issue exists in shinetheme Traveler that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows an attacker to potentiall...

CVSS 8.8, AI score 5.7, EPSS 0.00057
Exploits: 0, References: 4

CNNVD
added 2026/01/22 12:0 a.m., 2 views

WordPress plugin Traveler SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.5, AI score 5.9, EPSS 0.00057
Exploits: 0, References: 1

Cvelist
added 2026/01/21 5:27 p.m., 16 views

CVE-2021-47853

...

EPSS 0.00262
Exploits: 0

ATTACKERKB
added 2026/01/21 5:27 p.m., 2 views

CVE-2021-47846

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password...

CVSS 8.8, AI score 5.7, EPSS 0.00122
Exploits: 0, References: 4, Affected Software: 1

GithubExploit
added 2026/01/21 5:3 a.m., 131 views

Exploit for SQL Injection in Progress Moveit_Cloud

MOVEit Transfer 2023 Mass Data Breach Overview This reposi...

CVSS 9.8, AI score 8.8, EPSS 0.94254
Exploits: 15

RedhatCVE
added 2026/01/21 12:30 a.m., 14 views

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

CVSS 6.5, AI score 5.7, EPSS 0.00042
Exploits: 2, References: 1

Positive Technologies
added 2026/01/21 12:0 a.m., 8 views

PT-2026-3801

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative...

CVSS 8.8, AI score 5.9, EPSS 0.00042
Exploits: 0, References: 4

Patchstack
added 2026/01/20 6:28 a.m., 4 views

WordPress Koko Analytics plugin <= 2.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hector Ruiz Ruiz in WordPress Plugin Koko Analytics versions <= 2.1.2...

CVSS 8.3, AI score 5.8, EPSS 0.00121
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2026/01/20 12:0 a.m., 4 views

Abacre Retail Point of Sale security vulnerability

Abacre Retail Point of Sale is a new generation retail management software developed by the Canadian company Abacre. Version 14.0.0.396 of Abacre Retail Point of Sale contains a security vulnerability, which stems from a content-based blind SQL injection vulnerability in the order search function...

CVSS 6.5, AI score 5.8, EPSS 0.00042
Exploits: 2, References: 3

Vulnrichment
added 2026/01/19 10:32 p.m., 4 views

CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

CVSS 7.5, AI score 5.4, EPSS 0.00048
Exploits: 0, References: 4

Cvelist
added 2026/01/19 4:51 p.m., 15 views

CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

CVSS 8.3, EPSS 0.00121
Exploits: 1, References: 3

EUVD
added 2026/01/19 2:31 p.m., 2 views

EUVD-2026-3221

SQL Injection vulnerability in remote-sessions in Devolutions Server. This issue affects Devolutions Server 2025.3.1 through 2025.3.12...

CVSS 9.8, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 3

CVE
added 2026/01/19 1:32 a.m., 13 views

CVE-2026-1132

CVE-2026-1132 affects Yonyou KSOA 9.0. The vulnerability lies in the HTTP GET Parameter Handler, specifically the /kmf/edit_folder.jsp file, where manipulating the folderid argument enables SQL injection. The exploit appears to be public and exploitable remotely; there is no vendor response or co...

CVSS 9.8, AI score 6.5, EPSS 0.00015
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/01/19 12:32 a.m., 14 views

CVE-2026-1130

Affected software: Yonyou KSOA 9.0. The vulnerability stems from the HTTP GET Parameter Handler processing of the file /worksheet/worksadd_plan.jsp, where manipulation of the ID argument enables SQL injection. This can be triggered remotely, and exploits have been published. Multiple sources conf...

CVSS 9.8, AI score 6.5, EPSS 0.00015
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2026/01/19 12:22 a.m., 4 views

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

CVSS 9.8, AI score 7.2, EPSS 0.00018
Exploits: 1, References: 1