8196 matches found

Positive Technologies (added 2026/02/18)
PT-2026-20389
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
CVSS 8.6 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 2

CNNVD (added 2026/02/18)
Delinea Cloud Suite security vulnerability
Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Delinea Cloud Suite has a security vulnerability that stems from improper handling of special elements within SQL commands, which may lead to SQL injection attacks...
CVSS 5.3 | AI score 5.8 | EPSS 0.00265
Exploits: 0 | References: 2

CVE (added 2026/02/17 11:36 a.m.)
CVE-2025-7631
CVE-2025-7631 affects Tumeva News Software (Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co.) through version 17022026. The issue is improper neutralization of special elements used in SQL commands (SQL Injection). CVSS 3.1: AV:N/AC:L/PR:N/UI:N/...
CVSS 8.6 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 2

CVE (added 2026/02/17)
CVE-2025-67102
Jorani versions up to 1.0.4 contain a SQL injection vulnerability in the alldayoffs feature, exploitable by an authenticated attacker via the entity parameter to execute arbitrary SQL commands. Multiple sources (Red Hat, CVE listings, PT-Security advisory) concur that the issue stems from imprope...
CVSS 7.6 | AI score 6.2 | EPSS 0.00221
Exploits: 1 | References: 2 | Affected software: 1

Positive Technologies (added 2026/02/17)
PT-2026-20339
Name of the vulnerable software and affected versions: Sciyon Koyuan Thermoelectricity Heat Network Management System version 3.0. Description: A security issue exists in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. The manipulation of the PGUID argument in the file...
CVSS 7.5 | AI score 5.5 | EPSS 0.00254
Exploits: 0 | References: 7

Vulnrichment (added 2026/02/17)
CVE-2025-70830
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
AI score 6.4 | EPSS 0.01002
Exploits: 0 | References: 3

Cvelist (added 2026/02/17)
CVE-2025-70830
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
EPSS 0.01002
Exploits: 0 | References: 3

ATTACKERKB (added 2026/02/17)
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4 allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
AI score 6.2 | EPSS 0.00221
Exploits: 1 | References: 3

Positive Technologies (added 2026/02/17)
PT-2026-8401
Name of the vulnerable software and affected versions: Tumeva News Software versions through 17022026. Description: The software contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential data exposure through attacks. The vend...
CVSS 8.6 | AI score 5.7 | EPSS 0.00272
Exploits: 0 | References: 8

OSV (added 2026/02/16 4:28 p.m.)
BIT-GITLAB-2025-14592 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...
CVSS 5.3 | AI score 5.6 | EPSS 0.00254
Exploits: 0 | References: 4

ATTACKERKB (added 2026/02/14 6:42 a.m.)
CVE-2026-2024
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVSS 7.5 | AI score 5.9 | EPSS 0.00497
Exploits: 0 | References: 5

Patchstack (added 2026/02/13 11:49 p.m.)
WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability
Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions <= 1.19.2...
CVSS 4.9 | AI score 6 | EPSS 0.00351
Exploits: 0 | References: 1 | Affected software: 1

Veracode (added 2026/02/13 4:13 p.m.)
SQL Injection
devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the term parameter in SQL LIKE clauses within the global search functionality, which allows an attacker to inject malicious SQL queries and extract sensitive data through time-based...
CVSS 8.7 | AI score 5.8 | EPSS 0.00366
Exploits: 3 | References: 2 | Affected software: 1

CNNVD (added 2026/02/13)
PrestaShop security vulnerability
PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. There are security vulnerabilities in the PrestaShop module AdvancedPopupCreato...
CVSS 9.8 | AI score 6.1 | EPSS 0.00358
Exploits: 0 | References: 2

CVE (added 2026/02/13)
CVE-2025-69633
CVE-2025-69633 is a SQL injection vulnerability in the PrestaShop Advanced Popup Creator module, affecting versions 1.1.26–1.2.6 (fixed in 1.2.7). The flaw allows remote, unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller, with the ...
CVSS 9.8 | AI score 6.4 | EPSS 0.00358
Exploits: 0 | References: 2

Cvelist (added 2026/02/12)
CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...
CVSS 7.5 | EPSS 0.00454
Exploits: 1 | References: 3

CVE (added 2026/02/12 4:22 p.m.)
CVE-2025-55210
CVE-2025-55210 affects FreePBX PBX API (module api) prior to 17.0.5 and 16.0.17. The issue allows privilege escalation for authenticated users with REST/GraphQL API access by forging a valid JWT signed with the api-oauth.key private key and arbitrary scopes. The token will be accepted only if its...
CVSS 7.5 | AI score 5.6 | EPSS 0.00296
Exploits: 0 | References: 4 | Affected software: 1

OSV (added 2026/02/12 4:22 p.m.)
CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes
FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, the FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...
CVSS 2 | AI score 5.6 | EPSS 0.00296
Exploits: 0 | References: 6

OSV (added 2026/02/12 2:16 p.m.)
CVE-2025-10969
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...
CVSS 9.8 | AI score 5.8 | EPSS 0.00345
Exploits: 0 | References: 1

CNNVD (added 2026/02/12)
elearning-script SQL injection vulnerability
elearning-script is an e-learning blog developed by Amit Kollol Dey. Version 1.0 of elearning-script has a SQL injection vulnerability, which stems from incorrect handling of login parameters in the /login.php file. This vulnerability could lead to authentication bypasses...
CVSS 8.8 | AI score 5.8 | EPSS 0.00308
Exploits: 0 | References: 3