8195 matches found
API Security Testing and Vulnerability Assessment
APIs now carry more sensitive data than traditional web interfaces. Payment details, health records, authentication tokens, and customer databases all flow through API endpoints that attackers can probe without ever touching a browser. A single misconfigured endpoint can expose millions of record...
CVE-2025-66335
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...
CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2026-5964
CVE-2026-5964 affects EasyFlow .NET (Digiwin). The vulnerability is a SQL Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Public details from TWCERT/NVD describe the issue but do not provide a con...
CVE-2026-5964 Digiwin|EasyFlow .NET - SQL Injection
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2026-5964 Digiwin|EasyFlow .NET - SQL Injection
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2026-5963 Digiwin|EasyFlow .NET - SQL Injection
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2026-33751
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...
Digiwin EasyFlow .NET 安全漏洞
Digiwin EasyFlow .NET is an enterprise-level Workflow Management platform developed by Digiwin in Taiwan, China. There is a security vulnerability in Digiwin EasyFlow .NET, which stems from SQL injection attacks. This vulnerability could allow unverified remote attackers to inject arbitrary SQL...
CVE-2026-39109
CVE-2026-39109 : SQL injection in the Apartment Visitors Management System V1.1, specifically in the username parameter of login (index.php). This unauthenticated vulnerability allows an attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents. Con...
PT-2026-33816
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page index.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database...
PT-2026-33726
Name of the Vulnerable Software and Affected Versions EasyFlow .NET affected versions not specified Description A SQL Injection flaw allows unauthenticated remote attackers to inject arbitrary SQL commands. This can lead to the unauthorized reading, modification, and deletion of database contents...
PT-2026-33817
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...
PT-2026-33818
Name of the Vulnerable Software and Affected Versions Apartment Visitors Management System version 1.1 Description An issue exists in the forgot password page 'forgot-password.php' where the email parameter is susceptible to SQL Injection. This allows an unauthenticated attacker to manipulate...
SQL Injection
PraisonAI is vulnerable to SQL Injection. The vulnerability is due to unsafe concatenation of the tableprefix configuration value into SQL queries without validation, which allows an attacker to inject arbitrary SQL and manipulate or access database contents...
SQL Injection
Overview dagster-snowflake-polars is a Package for integrating Snowflake and Polars with Dagster. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
CVE-2026-40482 ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}`
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
CVE-2026-40476 graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...
CVE-2025-15625
Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases...
CVE-2025-15625
CVE-2025-15625 involves the Sparx Pro Cloud Server where an unauthenticated user can execute arbitrary SQL commands in certain cases. Affected product: Sparx Pro Cloud Server (unspecified version in the provided documents). Impact is described as high across confidentiality, integrity, and availa...