CVE-2026-26990

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...

CVE-2026-2820

A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be...

CVE-2025-12812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1...

WordPress plugin Coven Core SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

WordPress plugin Allmart SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin JS Help Desk 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Part-DB SQL注入漏洞

Part-DB is an open-source web-based database designed for managing electronic components. Version 0.4 of Part-DB contains a SQL injection vulnerability. This vulnerability stems from SQL injection attacks on authentication parameters, which could allow unverified attackers to bypass authenticatio...

PT-2026-21137

Name of the Vulnerable Software and Affected Versions TeconceTheme Woodly Core versions through 1.4 Description A flaw exists in TeconceTheme Woodly Core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially all...

PT-2026-20991

Name of the Vulnerable Software and Affected Versions Fujian Smart Integrated Management Platform System versions up to 7.5 Description A security flaw exists in Fujian Smart Integrated Management Platform System up to version 7.5. The issue involves improper processing of files, specifically...

PT-2026-21133

Name of the Vulnerable Software and Affected Versions TeconceTheme Electio Core versions through 1.4 Description The software contains a flaw due to improper neutralization of special elements used in an SQL command, leading to a Blind SQL Injection condition. This allows for potential unauthoriz...

PT-2026-21132

Name of the Vulnerable Software and Affected Versions TeconceTheme Crete Core versions through 1.4.3 Description A flaw exists in TeconceTheme Crete Core crete-core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could...

PT-2026-21147

Name of the Vulnerable Software and Affected Versions TeconceTheme Uroan Core versions through 1.4.4 Description A flaw exists in TeconceTheme Uroan Core that allows for Blind SQL Injection. This is due to improper neutralization of special elements used in an SQL command. Recommendations Update...

PT-2026-21009

Name of the Vulnerable Software and Affected Versions Talentics versions through 20022026 Description A flaw exists in Talentics that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. The vendor was contacted regarding this issue but did not...

Yinda Yunchuang Smart Integrated Management Platform System SQL注入漏洞

Yinda Yunchuang Smart Integrated Management Platform System is a smart management system developed by Yinda Yunchuang. Versions of the Yinda Yunchuang Smart Integrated Management Platform System prior to 7.5 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect...

PT-2026-21136

Name of the Vulnerable Software and Affected Versions TeconceTheme Saasplate Core versions through 1.2.8 Description A flaw exists in TeconceTheme Saasplate Core saasplate-core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issu...

CVE-2026-2435

Tanium addressed a SQL injection vulnerability in Asset...

CVE-2026-1581

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2025-9953

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted early about this...

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

CVE-2026-25378

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...