ProjeQtOr SQL注入漏洞

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain SQL injection vulnerabilities. These vulnerabilities stem from the login function, where the login variable directly concatenates SQL queries without parameterization ...

PT-2026-35436

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-pgvector-store is a Spring AI PGVector Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-weaviate-store is a Building AI applications with Spring Boot Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

WordPress plugin Directorist Booking SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-oracle-store is an AI Vector Search from Oracle Database 23ai+ as a Spring AI Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementation...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-mongodb-atlas-store is a Spring AI Vector Store - MongoDB Atlas Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-gemfire-store is a Spring AI GemFire Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vecto...

Linux Distros Unpatched Vulnerability : CVE-2026-42040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contain...

PT-2026-35527

NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...

PT-2026-35281

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the conversationId handling in VectorStoreChatMemoryAdvisor. An attacker...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vecto...

PT-2026-35512

A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base url results in server-side request forgery. Remot...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-couchbase-store is a Spring AI Couchbase Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying...

CVE-2026-7063

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

EUVD-2026-25733

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...