25629 matches found

EUVD
added 2026/03/24 12:30 p.m. | 5 views

EUVD-2019-20020

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

CVSS 8.8 | AI score 6 | EPSS 0.00045
Exploits: 0 | References: 4
EUVD
added 2026/03/24 12:30 p.m. | 4 views

EUVD-2019-20016

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

CVSS 7.1 | AI score 6.2 | EPSS 0.0003
Exploits: 0 | References: 4
CVE
added 2026/03/24 11:27 a.m. | 7 views

CVE-2019-25641

The vulnerability is in Netartmedia Vlog System. An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL via the email parameter in the forgotten_password module (POST to index.php). This can expose sensitive data (as per description) and is categorized w...

CVSS 8.8 | AI score 6 | EPSS 0.00129
Exploits: 0 | References: 3
CVE
added 2026/03/24 11:27 a.m. | 6 views

CVE-2019-25638

Meeplace Meeplace Business Review Script contains a SQL injection vulnerability in the addclick.php endpoint, exploitable via the id parameter to execute arbitrary SQL. The issue allows unauthenticated attackers to craft GET requests to retrieve sensitive database information and may facilitate d...

CVSS 7.1 | AI score 6.2 | EPSS 0.0003
Exploits: 0 | References: 3
Cvelist
added 2026/03/24 11:27 a.m. | 17 views

CVE-2019-25638 Meeplace Business Review Script Lastest SQL Injection via addclick.php

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

CVSS 7.1 | EPSS 0.0003
Exploits: 0 | References: 3
RedHat Linux
added 2026/03/24 6:55 a.m. | 1 view

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 7 | EPSS 0.00045
Exploits: 0 | References: 8
EUVD
added 2026/03/24 6:31 a.m. | 2 views

EUVD-2026-14743

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing_load_more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered_query parameter being excluded from the HMAC signature validation, allowing attacker-controlled input to bypass security...

CVSS 7.5 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 7
Cvelist
added 2026/03/24 4:27 a.m. | 26 views

CVE-2026-4662 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing_load_more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered_query parameter being excluded from the HMAC signature validation, allowing attacker-controlled input to bypass security...

CVSS 7.5 | EPSS 0.00119
Exploits: 0 | References: 6
ATTACKERKB
added 2026/03/24 4:27 a.m. | 3 views

CVE-2026-4662

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing_load_more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered_query parameter being excluded from the HMAC signature validation, allowing attacker-controlled input to bypass security...

CVSS 7.5 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 7
NVD
added 2026/03/24 4:17 a.m. | 1 view

CVE-2026-4625

A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 7.5 | EPSS 0.00045
Exploits: 0 | References: 5
RedHat Linux
added 2026/03/24 4:2 a.m. | 3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 7 | EPSS 0.00045
Exploits: 0 | References: 8
NVD
added 2026/03/24 3:16 a.m. | 2 views

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVSS 7.5 | EPSS 0.00045
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/24 2:14 a.m. | 3 views

CVE-2026-4624 SourceCodester Online Library Management System Parameter home.php sql injection

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVSS 7.5 | AI score 6.9 | EPSS 0.00045
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/24 2:14 a.m. | 1 view

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVSS 7.5 | AI score 6.9 | EPSS 0.00045
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/03/24 12:0 a.m. | 3 views

PT-2026-27487

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 10.0.2. Description: Astro, a web framework, contains a flaw in the @astrojs/vercel serverless entrypoint. Versions prior to 10.0.2 do not authenticate requests using the x-astro-path header or x_astro_path query paramete...

CVSS 9.1 | AI score 5.9 | EPSS 0.0005
Exploits: 1 | References: 10
Positive Technologies
added 2026/03/24 12:0 a.m. | 3 views

PT-2026-27331

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing_load_more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered_query parameter being excluded from the HMAC signature validation, allowing attacker-controlled input to bypass securit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 7
CNNVD
added 2026/03/24 12:0 a.m. | 3 views

Zeeways Jobsite CMS SQL Injection Vulnerability

Zeeways Jobsite CMS is a recruitment platform building tool developed by Zeeways Corporation. Zeeways Jobsite CMS has a SQL injection vulnerability. This vulnerability arises from SQL injection attacks, allowing unauthenticated attackers to inject SQL code through ID GET parameters and manipulate...

CVSS 8.8 | AI score 5.9 | EPSS 0.00099
Exploits: 1 | References: 3
CNNVD
added 2026/03/24 12:0 a.m. | 5 views

NetArt Media Vlog System SQL Injection Vulnerability

NetArt Media Vlog System is a platform system developed by NetArt Media in Bulgaria, designed for building video blog websites and managing video content along with user interactions. The NetArt Media Vlog System has a SQL injection vulnerability. This vulnerability stems from SQL injection...

CVSS 8.8 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 3
Packet Storm News
added 2026/03/24 12:0 a.m. | 1 view

Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs

Large Language Models (LLMs) are widely deployed, yet are vulnerable to jailbreak prompts that elicit policy-violating outputs. Although prior studies have uncovered these risks, they typically treat all tokens as equally important during prompt mutation, overlooking the varying contributions of...

AI score 5.8
Exploits: 0
CNNVD
added 2026/03/24 12:0 a.m. | 4 views

Parse Server Security Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.56 and 9.6.0-alpha.45. These vulnerabilities stemmed from the LiveQuery component no...

CVSS 8.2 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 5