BeeS BET e-Portal 安全漏洞

BeeS BET e-Portal is a faculty and exam management system from BeeS India. A security vulnerability exists in BeeS BET e-Portal that stems from a SQL injection in the login function, which could lead to the execution of arbitrary SQL commands...

PT-2026-1748

Name of the Vulnerable Software and Affected Versions BeeS Software Solutions BET Portal affected versions not specified Description BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. This allows for the execution of arbitrary...

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

Area9 Rhapsode 安全漏洞

Area9 Rhapsode is an adaptive learning platform from Area9 USA. A security vulnerability exists in Area9 Rhapsode version 1.47.3, which stems from insufficient input validation and could lead to an SQL injection attack...

CVE-2026-0729

CVE-2026-0729 concerns the Intern Membership Management System 1.0. The vulnerability is in the file /intern/admin/add_activity.php where manipulating the Title parameter enables SQL injection, with remote exploitation possible and exploits publicly available. Multiple sources corroborate the iss...

CVE-2026-21892

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...

UBUNTU-CVE-2026-21892

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...

Exploit for SQL Injection in Djangoproject Django

No d...

CVE-2025-67928 WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection.This issue affects Automotive Listings: from n/a through = 18.6...

CVE-2025-67921 WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through 2.8.6...

CVE-2026-0699 code-projects Intern Membership Management System edit_activity.php sql injection

A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/editactivity.php. Performing a manipulation of the argument activityid results in sql injection. Remote exploitation of the attack is possible. The exploi...

PT-2026-1829

Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk versions 18.34 Description A SQL injection issue exists due to the improper handling of user-supplied data. Specifically, the hfInventoryDistFormID parameter within the...

CVE-2025-13409

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nabil Irawan in WordPress Plugin Media Search Enhanced versions = 0.9.1...

CVE-2025-15239

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-13652 CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-13409 Form Vibes – Database Manager for Forms <= 1.4.13 - Authenticated (Admin+) SQL Injection

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

PT-2026-1429

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress versions through 10.3.1 Description The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is susceptible to time-based SQL Injection. This ...

CVE-2025-68437 Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter,...

CVE-2025-61781 GraphQL IDOR allows authenticated user to delete workspace content of other users

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...