CVE-2026-10260 CodeAstro Online Job Portal delete-jobs.php sql injection

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

BIT-JOOMLA-2026-35221 Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

EUVD-2026-30582

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter...

Astra Linux - уязвимость в 389-ds-base

When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, resulting in a crash...

SQL Injection

PraisonAI is vulnerable to SQL Injection. The vulnerability is due to unsafe concatenation of the tableprefix configuration value into SQL queries without validation, which allows an attacker to inject arbitrary SQL and manipulate or access database contents...

CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

PT-2026-24689

Impact The protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This...

EUVD-2026-9976

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...

CVE-2026-27743 SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection

The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

Pimcore SQL注入漏洞

Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications for web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 11.5.14.1 and 12.3.2, as well as earlier...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...

CVE-2023-40275

An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to common/search/searchByAjax/patientslistShow.jsp...

CVE-2021-31228

An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...

CVE-1999-0269

Netscape Enterprise servers may list files through the PageServices query...

CVE-2025-15353

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function editadminquery of the file /admin/editadminquery.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2025-14620 code-projects Student File Management System login_query.php sql injection

A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/loginquery.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit h...

CVE-2025-65380

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query...

DokuWiki <= 2025-05-14a XSS Vulnerability

DokuWiki is prone to reflected cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...