25513 matches found
CLEANSTART-2026-UF78567 net/url package does not set a limit on the number of query parameters in a query
Multiple security vulnerabilities affect the minio-operator-fips package. The net/url package does not set a limit on the number of query parameters in a query. See references for individual vulnerability details...
CLEANSTART-2026-MI26424 net/url package does not set a limit on the number of query parameters in a query
Multiple security vulnerabilities affect the cert-manager package. The net/url package does not set a limit on the number of query parameters in a query. See references for individual vulnerability details...
CVE-2026-5827 code-projects Simple IT Discussion Forum question-function.php SQL injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...
EUVD-2026-20805
A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been made...
SonicWALL SMA1000 SQL injection vulnerability
SonicWALL SMA1000 is a series of secure mobile access solutions developed by the American company SonicWALL. It simplifies end-to-end secure remote access for enterprise resources hosted across local, cloud, and hybrid data centers. The SonicWall SMA1000 has a SQL injection vulnerability, which...
PT-2026-31726
Name of the Vulnerable Software and Affected Versions: WordPress adivaha Travel Plugin version 2.3. Description: The adivaha Travel Plugin for WordPress version 2.3 contains a time-based blind SQL injection vulnerability. Unauthenticated attackers can manipulate database queries by injecting SQL cod...
Apache OpenMeetings security vulnerability
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system developed by the Apache Foundation in the United States. This product supports audio and video capabilities, and allows users to view the desktops of each participant. Versions of Apache OpenMeetings...
PT-2026-31639
Name of the Vulnerable Software and Affected Versions: Apache OpenMeetings versions prior to 9.0.0. Description: A registered user can query a web service with their credentials and retrieve metadata id, type, name, and other fields from the FileItemDTO object for files and sub-folders of any folder...
PT-2026-31560
Name of the Vulnerable Software and Affected Versions: Simple IT Discussion Forum version 1.0. Description: A SQL injection issue exists due to the manipulation of the postid argument in an unknown function within the /functions/addcomment.php file. The attack can be launched remotely. The exploit h...
Hydrosystem Control System SQL injection vulnerability
Hydrosystem Control System is an industrial water treatment and fluid control monitoring system developed by the American company Hydrosystem. Versions of Hydrosystem Control System prior to 9.8.5 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of protective...
PHPGurukul News Portal Project SQL injection vulnerability
PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter sucatdescription in the file admin/add-subcategory.php, which...
OpenClaw security vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.23 contained security vulnerabilities. These vulnerabilities stemmed from a replay vulnerability in Plivo V2 signature verification, allowing attackers to bypass replay protecti...
PT-2026-31641
Name of the Vulnerable Software and Affected Versions: Apache OpenMeetings versions 3.1.3 through 8.9.99. Description: The REST login endpoint uses the HTTP GET method, transmitting the username and password as query parameters. This practice exposes sensitive credentials in server logs, browser...
PT-2026-31751
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 22.4R3-S1; Junos OS versions 23.2 prior to 23.2R2; Junos OS versions 23.4 prior to 23.4R2. Description: A memory leak in the DHCP daemon jdhcpd of Juniper Networks Junos OS on MX Series can be triggered ...
PHPGurukul Online Course Registration SQL injection vulnerability
PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Inc. Version 3.1 of PHPGurukul Online Course Registration has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter regno in the file...
PT-2026-31601
Name of the Vulnerable Software and Affected Versions: Hydrosystem Control System versions prior to 9.8.5. Description: Hydrosystem Control System is susceptible to SQL Injection across numerous scripts and input parameters. The absence of protective measures allows an authenticated attacker to inje...
CVE-2026-5824 code-projects Simple Laundry System userchecklogin.php SQL injection
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed public...
CVE-2026-5824
The CVE-2026-5824 entry concerns code-projects Simple Laundry System 1.0. An SQL injection vulnerability exists in an unknown part of the file /userchecklogin.php, triggered by manipulating the userid argument. The issue is exploitable remotely and the exploit is publicly disclosed. No remediatio...
CVE-2026-5823 itsourcecode Construction Management System borrowed_tool_report.php SQL injection
A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes SQL injection. It is possible to initiate the attack remotely. The exploit has...