Lucene search

8196 matches found

CVE
added 2026/03/31 8:15 a.m., 5 views

CVE-2026-5195

The CVE-2026-5195 entry concerns code-projects Student Membership System 1.0, specifically the User Registration Handler. The issue is a SQL injection vulnerability exploitable via remote input manipulation. The provided metrics indicate CVSS v3.0/3.1/4.0 scores with high impact on confidentialit...

7.5 CVSS | 6.8 AI score | 0.00259 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/03/31 7:54 a.m., 2 views

CVE-2026-32714

A SQL injection vulnerability was found in the KeyCache component of scitokens. The implementation constructs SQL queries using Python string formatting with user-controlled input such as issuer and key identifiers. An attacker could exploit this flaw by supplying crafted input that alters the...

9.8 CVSS | 6 AI score | 0.00492 EPSS
Exploits 1 | References 2

Snyk
added 2026/03/31 3:10 a.m., 2 views

SQL Injection

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to SQL Injection via the KeyCache class. An attacker can execute arbitrary SQL commands against the local SQLite database by supplying crafted input to parameters such as issuer and...

9.8 CVSS | 6.2 AI score | 0.00492 EPSS
Exploits 1 | References 2

Vulnrichment
added 2026/03/31 1:31 a.m., 0 views

CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8 CVSS | 6.1 AI score | 0.00492 EPSS
Exploits 1 | References 3

Vulnrichment
added 2026/03/31 12:44 a.m., 1 view

CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

6.9 CVSS | 5.8 AI score | 0.00412 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/03/31 12:0 a.m., 1 view

PT-2026-29183

Name of the Vulnerable Software and Affected Versions SciTokens versions prior to 1.9.6 Description SciTokens is a reference library for generating and using SciTokens. The KeyCache class was susceptible to SQL Injection due to the use of Python’s str.format function to construct SQL queries with...

9.8 CVSS | 6.2 AI score | 0.00516 EPSS
Exploits 3 | References 19

Positive Technologies
added 2026/03/31 12:0 a.m., 4 views

PT-2026-29204

A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...

7.5 CVSS | 6.8 AI score | 0.00259 EPSS
Exploits 0 | References 6

Positive Technologies
added 2026/03/31 12:0 a.m., 1 view

PT-2026-29221

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

7.5 CVSS | 6.8 AI score | 0.00344 EPSS
Exploits 0 | References 6

ATTACKERKB
added 2026/03/31 12:0 a.m., 2 views

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

6 AI score | 0.0022 EPSS
Exploits 1 | References 2

Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29324

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the save loan action. The application fails to properly sanitize user input supplied to the "borrower id" parameter in a POST request, allowing ...

6 AI score | 0.0022 EPSS
Exploits 1 | References 2

EUVD
added 2026/03/30 6:31 p.m., 3 views

EUVD-2026-17137

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

7.4 CVSS | 6 AI score | 0.00192 EPSS
Exploits 1 | References 3

EUVD
added 2026/03/30 6:31 p.m., 4 views

EUVD-2026-17131

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

7.4 CVSS | 6 AI score | 0.00192 EPSS
Exploits 1 | References 3

Vulnrichment
added 2026/03/30 11:2 a.m., 5 views

CVE-2018-25231 HeidiSQL 9.5.0.5196 Denial of Service via Preferences

HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...

6.9 CVSS | 6 AI score | 0.00206 EPSS
Exploits 1 | References 4

RedhatCVE
added 2026/03/30 10:54 a.m., 3 views

CVE-2026-5033

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...

9.8 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits 1 | References 1

CNNVD
added 2026/03/30 12:0 a.m., 4 views

yudao-cloud SQL injection vulnerability

Yudao-Cloud is a backend management system developed by YunaiV as an individual developer. Versions of Yudao-Cloud prior to 2026.01 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Website” in files located at...

7.5 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/03/29 12:0 a.m., 4 views

PT-2026-28744

Name of the Vulnerable Software and Affected Versions code-projects Accounting System version 1.0 Description A SQL injection issue exists in code-projects Accounting System version 1.0. The issue is located in an unknown functionality within the /view costumer.php file, specifically affecting th...

7.5 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits 1 | References 9

RedhatCVE
added 2026/03/28 11:9 p.m., 1 view

CVE-2026-33980

Azure Data Explorer MCP Server is a Model Context Protocol MCP server that enables AI assistants to execute KQL queries and explore Azure Data Explorer ADX/Kusto databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL Kusto Query Language injection vulnerabilitie...

8.3 CVSS | 6.1 AI score | 0.00396 EPSS
Exploits 3 | References 1

RedhatCVE
added 2026/03/28 4:56 a.m., 2 views

CVE-2026-30529

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the saveuser action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious S...

8.8 CVSS | 6 AI score | 0.00446 EPSS
Exploits 1 | References 1

SUSE CVE
added 2026/03/28 12:26 a.m., 3 views

SUSE CVE-2026-32704

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...

6.5 CVSS | 6.2 AI score | 0.00246 EPSS
Exploits 1 | References 3

CNNVD
added 2026/03/28 12:0 a.m., 7 views

PandasAI SQL injection vulnerability

PandasAI is a Python library that integrates artificial intelligence functions into pandas. Versions of PandasAI 0.1.4 and earlier contain a SQL injection vulnerability, which stems from incorrect operations on functions in the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb.py,...

7.5 CVSS | 7.2 AI score | 0.00259 EPSS
Exploits 0 | References 5