API Security Testing and Vulnerability Assessment
APIs now carry more sensitive data than traditional web interfaces. Payment details, health records, authentication tokens, and customer databases all flow through API endpoints that attackers can probe without ever touching a browser. A single misconfigured endpoint can expose millions of record...
CVE-2025-66335
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...
CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to SQL injection. The attack can be launched remotely. The exploit has...
CVE-2026-5964 Digiwin|EasyFlow .NET - SQL Injection
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2026-5964
CVE-2026-5964 affects EasyFlow .NET (Digiwin). The vulnerability is a SQL Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Public details from TWCERT/NVD describe the issue but do not provide a con...
CVE-2026-5963 Digiwin|EasyFlow .NET - SQL Injection
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2026-33816
SQL Injection vulnerability in Apartment Visitors Management System V1.1 within the username parameter of the login page index.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database...
CVE-2026-39109
CVE-2026-39109: SQL injection in the Apartment Visitors Management System V1.1, specifically in the username parameter of login (index.php). This unauthenticated vulnerability allows an attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents. Con...
PT-2026-33751
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to SQL injection. The attack can be launched remotely. The exploit has...
PT-2026-33726
Name of the Vulnerable Software and Affected Versions: EasyFlow .NET (affected versions not specified). Description: A SQL Injection flaw allows unauthenticated remote attackers to inject arbitrary SQL commands. This can lead to the unauthorized reading, modification, and deletion of database contents...
PT-2026-33818
Name of the Vulnerable Software and Affected Versions: Apartment Visitors Management System version 1.1. Description: An issue exists in the forgot password page 'forgot-password.php' where the email parameter is susceptible to SQL Injection. This allows an unauthenticated attacker to manipulate...
PT-2026-33817
SQL Injection vulnerability in Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...
Digiwin EasyFlow .NET Security Vulnerability
Digiwin EasyFlow .NET is an enterprise-level Workflow Management platform developed by Digiwin in Taiwan, China. Digiwin EasyFlow .NET has a security vulnerability that stems from insufficient protection against SQL injection. This vulnerability could allow unauthenticated remote attackers to inject arbitrary SQL...
SQL Injection
PraisonAI is vulnerable to SQL Injection. The vulnerability is due to unsafe concatenation of the tableprefix configuration value into SQL queries without validation, which allows an attacker to inject arbitrary SQL and manipulate or access database contents...
SQL Injection
Overview dagster-snowflake-polars is a Package for integrating Snowflake and Polars with Dagster. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
CVE-2026-40482 ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}`
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
CVE-2026-40476 graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...
CVE-2025-15625
An unauthenticated user is able to execute arbitrary SQL commands in the Sparx Pro Cloud Server database in certain cases...