
8200 matches found

NVD
added 2026/02/06 9:15 a.m., 10 views

CVE-2026-21643

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 9.8 | EPSS 0.94085
Exploits 1 | References 3
EUVD
added 2026/02/06 9:2 a.m., 5 views

EUVD-2026-5689

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been publicly...

CVSS 7.5 | AI score 7.2 | EPSS 0.00326
Exploits 1 | References 5
EUVD
added 2026/02/06 8:32 a.m., 4 views

EUVD-2026-5659

A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in SQL injection. The attack can be launched remotely. The exploit has been made public...

CVSS 7.5 | AI score 7.1 | EPSS 0.00326
Exploits 1 | References 5
EUVD
added 2026/02/06 8:24 a.m., 7 views

EUVD-2026-5681

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 9.8 | AI score 5.7 | EPSS 0.94085
Exploits 1 | References 1
CVE
added 2026/02/06 8:24 a.m., 73 views

CVE-2026-21643

Fortinet FortiClient EMS 7.4.4 and earlier are affected by an unauthenticated SQL injection vulnerability described in the connected Nuclei template for CVE-2026-21643. The vulnerability resides in the /api/v1/init_consts endpoint, where the HTTP header value in the Site header is passed directly...

CVSS 9.8 | AI score 5.7 | EPSS 0.94085
In wild | Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2026/02/06 1:26 a.m., 6 views

CVE-2025-1823

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using a specially crafted SQL query that consumes excess memory resources...

CVSS 3.5 | AI score 5.6 | EPSS 0.00216
Exploits 0 | References 1
CNNVD
added 2026/02/06 12:0 a.m., 3 views

Project 1 - Globitek CMS SQL injection vulnerability

Project 1 – Globitek CMS is a cybersecurity course developed by Jason Shen. Version 1.04 of Project 1 – Globitek CMS contains an SQL injection vulnerability. This vulnerability stems from the SQL injection present in the id GET parameter, which may allow attackers to extract or manipulate databas...

CVSS 7.1 | AI score 5.8 | EPSS 0.00214
Exploits 0 | References 3
Positive Technologies
added 2026/02/06 12:0 a.m., 4 views

PT-2026-6710

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A flaw exists in itsourcecode Student Management System that allows for SQL injection. Manipulation of the ID argument in the file /ramonsys/soa/index.php can lead to unauthorized...

CVSS 9.8 | AI score 5.5 | EPSS 0.00416
Exploits 1 | References 11
Positive Technologies
added 2026/02/06 12:0 a.m., 7 views

PT-2026-6822

Name of the Vulnerable Software and Affected Versions: eLection version 2.0. Description: The software contains an authenticated SQL injection issue in the candidate management endpoint. Attackers can manipulate database queries through the id parameter. Exploitation can be performed using SQLMap,...

CVSS 7.1 | AI score 6.5 | EPSS 0.00449
Exploits 0 | References 6
Snyk
added 2026/02/05 8:51 p.m., 3 views

SQL Injection

Overview: @payloadcms/db-sqlite is the officially supported SQLite database adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by...

CVSS 9.8 | AI score 5.8 | EPSS 0.00453
Exploits 0 | References 2
OSV
added 2026/02/05 2:16 p.m., 3 views

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | AI score 5.9 | EPSS 0.00351
Exploits 0 | References 1
ATTACKERKB
added 2026/02/05 1:30 p.m., 4 views

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | AI score 5.7 | EPSS 0.00351
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/02/05 1:30 p.m., 6 views

CVE-2025-13379 A SQL Injection vulnerability has been addressed in IBM Aspera Console

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | AI score 5.7 | EPSS 0.00351
Exploits 0 | References 1
EUVD
added 2026/02/05 12:2 p.m., 6 views

EUVD-2026-5535

A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to SQL injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue...

CVSS 5.8 | AI score 5.1 | EPSS 0.00273
Exploits 0 | References 5
CVE
added 2026/02/04 9:7 p.m., 8 views

CVE-2025-1823

IBM Jazz Reporting Service (Lifecycle Query Engine) contains CVE-2025-1823: an authenticated user with host-network access can trigger a denial of service by sending a specially crafted SQL query that consumes excessive memory. Affected versions are IBM Jazz Reporting Service 7.1 and 7.0.3 (7.1iF...

CVSS 3.5 | AI score 5.6 | EPSS 0.00216
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/02/04 9:7 p.m., 25 views

CVE-2025-1823 IBM Jazz Reporting Service Denial of Service

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using a specially crafted SQL query that consumes excess memory resources...

CVSS 3.5 | EPSS 0.00216
Exploits 0 | References 1
EUVD
added 2026/02/04 7:59 p.m., 4 views

EUVD-2026-5360

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

CVSS 8.7 | AI score 5.6 | EPSS 0.00473
Exploits 3 | References 2
OSV
added 2026/02/04 6:16 p.m., 6 views

UBUNTU-CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

CVSS 8.8 | AI score 5.8 | EPSS 0.00264
Exploits 0 | References 4
OSV
added 2026/02/04 4:47 p.m., 5 views

CVE-2026-25056 n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

CVSS 9.4 | AI score 6.2 | EPSS 0.00664
Exploits 0 | References 3
ATTACKERKB
added 2026/02/04 4:47 p.m., 12 views

CVE-2026-25056

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

CVSS 9.4 | AI score 6.2 | EPSS 0.00664
Exploits 0 | References 2 | Affected Software 1