
8126 matches found

Microsoft CVE
added 2026/01/13 4:0 p.m. | 3 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8 CVSS | 7.5 AI score | 0.00464 EPSS
Exploits 0
Patchstack
added 2026/01/13 1:35 p.m. | 3 views

WordPress Tutor LMS Pro plugin <= 3.8.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Tutor LMS Pro versions <= 3.8.3...

8.1 AI score
Exploits 0 | Affected Software 1
NVD
added 2026/01/13 2:15 a.m. | 6 views

CVE-2026-0501

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise Financials General Ledger, an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of...

9.9 CVSS | 0.00092 EPSS
Exploits 0 | References 2
Cvelist
added 2026/01/13 1:14 a.m. | 25 views

CVE-2026-0501 SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials - General Ledger)

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise Financials General Ledger, an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of...

9.9 CVSS | 0.00092 EPSS
Exploits 0 | References 2
CNNVD
added 2026/01/13 12:0 a.m. | 2 views

PHPGurukul News Portal Project Security Vulnerability

PHPGurukul News Portal Project is a news portal project by PHPGurukul Inc. A security vulnerability exists in PHPGurukul News Portal Project version V4.1, which stems from a SQL injection in the checkavailablity.php file...

9.8 CVSS | 5.9 AI score | 0.00064 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/01/13 12:0 a.m. | 2 views

PT-2026-2423

Name of the Vulnerable Software and Affected Versions: Social-Share-Buttons version 2.2.3. Description: The software contains a SQL injection issue in the project id parameter. Attackers can exploit this by sending specially crafted POST requests with malicious SQL payloads to manipulate database...

8.8 CVSS | 7.3 AI score | 0.00064 EPSS
Exploits 0 | References 6
Positive Technologies
added 2026/01/13 12:0 a.m. | 1 views

PT-2026-2479

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 7.0 through 7.4.4; Fortinet FortiClientEMS versions 7.2.0 through 7.2.10; Fortinet FortiClientEMS versions 7.4.0 through 7.4.1; Fortinet FortiClientEMS versions 7.4.3 through 7.4.4. Description: An improper...

9 CVSS | 7.4 AI score | 0.00087 EPSS
Exploits 0 | References 10
Cvelist
added 2026/01/13 12:0 a.m. | 18 views

CVE-2025-69991

phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in checkavailablity.php...

0.00064 EPSS
Exploits 1 | References 1
CNNVD
added 2026/01/13 12:0 a.m. | 2 views

VIAVIWEB Wallpaper Admin SQL Injection Vulnerability

VIAVIWEB Wallpaper Admin is a mobile application backend management system from VIAVIWEB India. A SQL injection vulnerability exists in VIAVIWEB Wallpaper Admin version 1.0, which stems from a SQL injection vulnerability in the login credentials that could lead to bypassing authentication...

9.8 CVSS | 5.9 AI score | 0.0022 EPSS
Exploits 1 | References 4
Cvelist
added 2026/01/12 11:4 p.m. | 16 views

CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion

LlamaIndex run-llama/llama_index versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...

8.7 CVSS | 0.00159 EPSS
Exploits 1 | References 4
CVE
added 2026/01/12 11:4 p.m. | 13 views

CVE-2024-58339

Summary: CVE-2024-58339 affects LlamaIndex up to 0.12.2, due to an uncontrolled resource‑consumption path in the VannaQueryEngine. The vulnerable code is in llama_index/packs/vanna/base.py, inside custom_query(), where SQL is generated from a user‑supplied prompt and executed via vn.run_sql() wit...

8.7 CVSS | 7.1 AI score | 0.00159 EPSS
Exploits 1 | References 4 | Affected Software 1
Patchstack
added 2026/01/12 5:32 a.m. | 3 views

WordPress DZS Video Gallery plugin <= 12.39 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin DZS Video Gallery versions <= 12.39...

8.8 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits 0 | Affected Software 1
OSV
added 2026/01/12 3:16 a.m. | 2 views

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

9.8 CVSS | 6.3 AI score | 0.12795 EPSS
Exploits 1 | References 1
Cvelist
added 2026/01/12 2:27 a.m. | 21 views

CVE-2025-52694 Execution of arbitrary SQL commands

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

10 CVSS | 0.12795 EPSS
Exploits 1 | References 1
Positive Technologies
added 2026/01/12 12:0 a.m. | 6 views

PT-2026-1814

Name of the Vulnerable Software and Affected Versions: Advantech IoTSuite & IoT Edge products, affected versions not specified. Description: Successful exploitation of a SQL injection issue could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when...

10 CVSS | 8.1 AI score | 0.12795 EPSS
Exploits 1 | References 15
EUVD
added 2026/01/12 12:0 a.m. | 3 views

EUVD-2026-1912

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

9.1 CVSS | 7.9 AI score | 0.0007 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/01/12 12:0 a.m. | 4 views

PT-2026-2042

Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0. Description: A security flaw exists in code-projects Online Music Site 1.0. The issue involves a SQL injection impacting an unknown function within the file /Administrator/PHP/AdminUpdateUser.php...

9.8 CVSS | 7.4 AI score | 0.00048 EPSS
Exploits 1 | References 11
EUVD
added 2026/01/11 11:32 p.m. | 2 views

EUVD-2026-1959

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

7.5 CVSS | 6.5 AI score | 0.00022 EPSS
Exploits 1 | References 7
RedhatCVE
added 2026/01/10 5:41 a.m. | 3 views

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

5.4 CVSS | 7.2 AI score | 0.00008 EPSS
Exploits 0 | References 1
EUVD
added 2026/01/09 7:19 p.m. | 2 views

EUVD-2026-1696

WeKnora vulnerable to SQL Injection...

7.5 AI score
Exploits 0 | References 3