CVE-2026-33350

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

CVE-2026-33756

CVE-2026-33756 affects Saleor (e-commerce platform). The vulnerability lies in unbounded GraphQL query batching: from 2.0.0 up to just before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the service allowed multiple GraphQL operations in a single HTTP request without an upper limit, bypassing per-qu...

EUVD-2025-209296

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

CVE-2025-14816 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

sql-injection-lab

No d...

WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Maps versions = 4.9.1...

sql-bypass

No d...

EUVD-2026-20162

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...

EUVD-2026-20156

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...

CVE-2026-39495 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...

CVE-2026-39486

The CVE-2026-39486 entry concerns the WordPress Download Monitor plugin (Download Monitor) with versions &lt;= 5.1.8, where improper neutralization of SQL commands leads to Blind SQL Injection. The Red Hat, NVD, EUVD, CVE List, and vuln enrichment records confirm a vulnerability in this plugin; n...

CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

CVE-2026-39479 WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through = 1.1.20...

PT-2026-31083

Name of the Vulnerable Software and Affected Versions MATCHA INVOICE versions 2.6.6 and earlier Description A SQL Injection vulnerability exists that may allow a logged-in user to obtain or alter information stored in the database. Recommendations Update to a newer version to address this...

PT-2026-31412

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

PT-2026-31539

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.8.9, 18.9 through 18.9.5, and 18.10 through 18.10.3 Description The issue involves improper input validation in GraphQL queries, potentially allowing an authenticated user to cause a denial of service to the...

PT-2026-31117

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

PT-2026-31130

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through = 1.4.5...

EUVD-2026-19769

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

Apache Cassandra has an authenticated DoS over CQL

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...