CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

EUVD-2025-209149

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

PT-2026-29412

Name of the Vulnerable Software and Affected Versions IBM Storage Protect Server and IBM Storage Protect Plus Server versions 8.2.0 Description IBM Storage Protect Server and IBM Storage Protect Plus Server are susceptible to SQL injection. A remote attacker could submit crafted SQL statements,...

Payload SQL注入漏洞

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.79.1 contain an SQL injection vulnerability. This vulnerability arises from improper validation of certain request inputs, which may allow SQL queries to execute...

PT-2026-29566

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base. execute sql query component...

CVE-2026-30273

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

PandasAI 安全漏洞

PandasAI is an open-source Python library developed by PandasAI. It integrates artificial intelligence functions into pandas. Version 3.0.0 of PandasAI contains a security vulnerability, which stems from an SQL injection vulnerability in the pandasai.agent.base.executesqlquery component...

EUVD-2026-17664

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVE-2026-5206

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Paymentid/Amount/customerid/paymenttype/customername leads to sql injection. Remote exploitation...

CVE-2026-34220

CVE-2026-34220 affects mikro-orm (TypeScript ORM for Node.js). A SQL injection vulnerability exists in versions prior to 6.6.10 and 7.0.6, triggered when specially crafted objects are interpreted as raw SQL query fragments during ORM write APIs (e.g., wrap(entity).assign(userInput) followed by em...

CVE-2026-34214

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...

EUVD-2026-17500

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads...

CVE-2026-34573 Parse Server: GraphQL complexity validator exponential fragment traversal DoS

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads...

CVE-2026-34373 Parse Server: GraphQL API endpoint ignores CORS origin restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

EUVD-2026-17399

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

EUVD-2026-17349

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

CVE-2026-5197

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

EUVD-2026-17351

A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /deletemember.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...