EUVD-2026-17131

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

CVE-2018-25231 HeidiSQL 9.5.0.5196 Denial of Service via Preferences

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...

CVE-2026-5033

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...

yudao-cloud SQL注入漏洞

Yudao-Cloud is a backend management system developed by YunaiV as an individual developer. Versions of Yudao-Cloud prior to 2026.01 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Website” in files located at...

PT-2026-28744

Name of the Vulnerable Software and Affected Versions code-projects Accounting System version 1.0 Description A SQL injection issue exists in code-projects Accounting System version 1.0. The issue is located in an unknown functionality within the /view costumer.php file, specifically affecting th...

CVE-2026-33980

Azure Data Explorer MCP Server is a Model Context Protocol MCP server that enables AI assistants to execute KQL queries and explore Azure Data Explorer ADX/Kusto databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL Kusto Query Language injection vulnerabilitie...

CVE-2026-30529

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the saveuser action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious S...

SUSE CVE-2026-32704

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability. This vulnerability stems from improper handling of parameters by the unknown function in...

PandasAI SQL注入漏洞

PandasAI is a Python library that integrates artificial intelligence functions into pandas. Versions of PandasAI 0.1.4 and earlier contain a SQL injection vulnerability, which stems from incorrect operations on functions in the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb.py,...

CVE-2026-33980

Azure Data Explorer MCP Server is a Model Context Protocol MCP server that enables AI assistants to execute KQL queries and explore Azure Data Explorer ADX/Kusto databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL Kusto Query Language injection vulnerabilitie...

CVE-2026-33980 Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries

Azure Data Explorer MCP Server is a Model Context Protocol MCP server that enables AI assistants to execute KQL queries and explore Azure Data Explorer ADX/Kusto databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL Kusto Query Language injection vulnerabilitie...

CVE-2026-33980

Azure Data Explorer MCP Server is a Model Context Protocol MCP server that enables AI assistants to execute KQL queries and explore Azure Data Explorer ADX/Kusto databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL Kusto Query Language injection vulnerabilitie...

Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries

Summary adx-mcp-server ListDictstr, Any: client = getkustoclient query = f"tablename | getschema" ListDictstr, Any: client = getkustoclient query = f"tablename | sample samplesize" ListDictstr, Any: client = getkustoclient query = f".show table tablename details" -- KQL injection resultset =...

EUVD-2026-16878

Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries...

EUVD-2026-16684

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/managecategory.php via the "id" parameter...

CVE-2026-33867 AVideo has Plaintext Video Password Storage

WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to th...

CVE-2026-30534

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/managecategory.php via the "id" parameter...

CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...