Lucene search

8203 matches found

CVE
added 2026/01/19 12:32 a.m., 14 views

CVE-2026-1130

Affected software: Yonyou KSOA 9.0. The vulnerability stems from the HTTP GET Parameter Handler processing of the file /worksheet/worksadd_plan.jsp, where manipulation of the ID argument enables SQL injection. This can be triggered remotely, and exploits have been published. Multiple sources conf...

CVSS 9.8, AI score 6.5, EPSS 0.00493
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2026/01/19 12:22 a.m., 6 views

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

CVSS 9.8, AI score 7.2, EPSS 0.0044
Exploits: 1, References: 1

CNNVD
added 2026/01/19 12:0 a.m., 3 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the parameter “catalogid” in the file /kmc/savecatalog.jsp. This vulnerability may lead to SQL...

CVSS 9.8, AI score 7.2, EPSS 0.0051
Exploits: 0, References: 4

CNNVD
added 2026/01/19 12:0 a.m., 3 views

Prime security vulnerabilities

Prime is a content management system developed by Birkir Gudjonsson. Versions of Prime prior to 0.4.0.beta.0 contained security vulnerabilities, which were caused by incorrect operations with files and GraphQL queries, potentially leading to resource consumption...

CVSS 7.5, AI score 6.1, EPSS 0.00684
Exploits: 1, References: 5

Positive Technologies
added 2026/01/19 12:0 a.m., 7 views

PT-2026-3453

Name of the Vulnerable Software and Affected Versions: Koko Analytics versions prior to 2.1.3. Description: Koko Analytics, an open-source analytics plugin for WordPress, is susceptible to arbitrary SQL execution due to unescaped analytics export/import and permissive admin SQL import. Unauthenticat...

CVSS 8.3, AI score 6, EPSS 0.00411
Exploits: 1, References: 9

CNNVD
added 2026/01/19 12:0 a.m., 3 views

Devolutions Server security vulnerabilities

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.12 contained a security vulnerability due to SQL injection vulnerabilities...

CVSS 9.8, AI score 5.9, EPSS 0.0026
Exploits: 0, References: 1

CNNVD
added 2026/01/19 12:0 a.m., 3 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of parameters named “ID” in the file /worksheet/worksaddplan.jsp. This vulnerability may lead to S...

CVSS 9.8, AI score 7.2, EPSS 0.00493
Exploits: 0, References: 4

CNVD
added 2026/01/19 12:0 a.m., 3 views

Intern Membership Management System /add_admin.php File SQL Injection Vulnerability

Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter Username in the file /intern/admin/addadmin.php for externally entered SQL...

CVSS 7.2, AI score 6, EPSS 0.00314
Exploits: 1, References: 1

CVE
added 2026/01/18 11:32 a.m., 12 views

CVE-2026-1119

CVE-2026-1119 affects itsourcecode Society Management System 1.0. The vulnerability is in an unknown function of the file /admin/delete_activity.php, where manipulating the activity_id parameter can trigger a SQL injection. The attack can be launched remotely, and exploits have been published. Se...

CVSS 9.8, AI score 7.1, EPSS 0.00388
Exploits: 1, References: 5, Affected Software: 1

ATTACKERKB
added 2026/01/18 11:32 a.m., 4 views

CVE-2026-1119

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8, AI score 5.4, EPSS 0.00388
Exploits: 1, References: 5, Affected Software: 1

GithubExploit
added 2026/01/18 6:24 a.m., 158 views

Exploit for CVE-2025-67261

CVE-2025-67261 - Content-based blind SQL injection on Abacre R...

AI score 8.1, EPSS 0.00183
Exploits: 2

Positive Technologies
added 2026/01/18 12:0 a.m., 9 views

PT-2026-3390

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, manipulation of the ID argument in the /worksheet/work info.jsp file can lead to SQL injection. This issue is remotel...

CVSS 9.8, AI score 7.2, EPSS 0.00414
Exploits: 0, References: 9

Positive Technologies
added 2026/01/18 12:0 a.m., 7 views

PT-2026-3387

Name of the Vulnerable Software and Affected Versions: itsourcecode Society Management System version 1.0. Description: A flaw exists in itsourcecode Society Management System version 1.0 that could allow for remote code execution. The issue is located in the /admin/delete activity.php file,...

CVSS 9.8, AI score 7.8, EPSS 0.00388
Exploits: 1, References: 10

CNNVD
added 2026/01/18 12:0 a.m., 4 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically the...

CVSS 9.8, AI score 5.9, EPSS 0.00414
Exploits: 0, References: 5

EUVD
added 2026/01/17 6:42 a.m., 5 views

EUVD-2026-3145

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVSS 4.9, AI score 6.1, EPSS 0.00325
Exploits: 0, References: 4

Cvelist
added 2026/01/15 3:52 p.m., 29 views

CVE-2021-47766 Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

CVSS 7.1, EPSS 0.00239
Exploits: 0, References: 2

RedhatCVE
added 2026/01/15 6:22 a.m., 9 views

CVE-2025-14615

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...

CVSS 7.1, AI score 6.4, EPSS 0.00132
Exploits: 0, References: 1

CNNVD
added 2026/01/15 12:0 a.m., 4 views

Wolters Kluwer Kmaleon SQL injection vulnerability

Wolters Kluwer Kmaleon is an automated case management software developed by the German company Wolters Kluwer. Version 1.1.0.205 of Wolters Kluwer Kmaleon contains a SQL injection vulnerability. This vulnerability stems from the SQL injection in the tipocomb parameter of the kmaleonW.php file,...

CVSS 7.1, AI score 5.9, EPSS 0.00239
Exploits: 0, References: 3

Positive Technologies
added 2026/01/15 12:0 a.m., 4 views

PT-2026-3025

Name of the Vulnerable Software and Affected Versions: Itflow versions through 25.06. Description: An SQL injection issue exists in Itflow due to insufficient sanitization of integer parameters. Specifically, the "role id" parameter is vulnerable when editing a profile. An attacker with administrati...

CVSS 4.9, AI score 7.6, EPSS 0.0024
Exploits: 0, References: 4

EUVD
added 2026/01/15 12:0 a.m., 4 views

EUVD-2026-2787

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with an admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

CVSS 4.9, AI score 7.6, EPSS 0.0024
Exploits: 0, References: 4