Wecodex Shipping System CMS SQL注入漏洞

Wecodex Shipping System CMS is a logistics content management system developed by Wecodex Corporation. Version 1.0 of the Wecodex Shipping System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL...

PT-2026-28250

Name of the Vulnerable Software and Affected Versions Nsauditor version 3.0.28.0 Description A structured exception handling SEH buffer overflow allows local attackers to execute arbitrary code by providing malicious input to the DNS Lookup tool. Attackers can craft a payload that overwrites the...

PT-2026-28247

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

RHEL 8 : osbuild-composer (RHSA-2026:5853)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5853 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

PT-2026-28531

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The objects/playlistsVideos.json.php endpoint does not enforce authentication or authorization checks, allowing access to the full video contents of any playlist by its ID. While private...

Hscripts Online Quiz Maker SQL注入漏洞

Hscripts Online Quiz Maker is an online quiz creation and management system developed by Hscripts Corporation. Version 1.0 of Hscripts Online Quiz Maker has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the catid and usern parameters, which may lead to SQ...

PT-2026-28243

Name of the Vulnerable Software and Affected Versions KomSeo Cart version 1.3 Description An SQL injection flaw allows attackers to inject SQL commands via the my item search parameter in the 'edit.php' endpoint. By submitting POST requests with malicious payloads, attackers can extract sensitive...

PT-2026-28235

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

Wecodex Hotel CMS SQL注入漏洞

Wecodex Hotel CMS is a hotel management system developed by Wecodex Corporation. Version 1.0 of Wecodex Hotel CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL injection attacks...

Code-Projects Online Food Ordering System SQL注入漏洞

Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the Username parameter in the...

PT-2026-28242

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

Mediasoftpro ASP.NET jVideo Kit SQL注入漏洞

Mediasoftpro ASP.NET jVideo Kit is a video management and publishing component suite developed by Mediasoftpro. Version 1.0 of Mediasoftpro ASP.NET jVideo Kit contains a SQL injection vulnerability, which stems from insufficient validation of query parameter inputs, potentially allowing SQL...

PT-2026-28380

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.query synced folder action in...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where an expression evaluated as true may lead to infinite loops in logicalQuery.Select, resulting in...

CVE-2026-4826 SourceCodester Sales and Inventory System HTTP GET Parameter update_stock.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /updatestock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

EUVD-2026-16016

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

CVE-2026-33909

OpenEMR prior to v8.0.0.3 is vulnerable to SQL injection in the MedEx recall/reminder processing code, where several variables are concatenated directly into SQL queries without parameterization or type casting. The issue affects components used for recall/reminder processing; CVE-2026-33909 is m...

CVE-2026-29187

OpenEMR has an authenticated blind boolean-based SQL injection vulnerability in the Patient Search feature (/interface/new/new_search_popup.php) present before version 8.0.0.3. The flaw allows an attacker to influence SQL logic by manipulating HTTP parameter keys, enabling arbitrary SQL commands....

EUVD-2025-209016

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

CVE-2025-14808

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...