CVE-2025-41007 SQL Injection in Cuantis
SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint...
CVE-2026-32969
CVE-2026-32969 describes a Pre-Auth blind SQL Injection in the userinfo endpoint authentication method. An unauthenticated remote attacker can exploit improper neutralization of special elements in a SQL SELECT command, leading to total confidentiality loss. All connected sources consistently sta...
WordPress Injection Guard plugin <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name vulnerability
Unauthenticated Stored Cross-Site Scripting via Query Parameter Name vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Injection Guard versions <= 1.2.9...
EUVD-2026-14390
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The...
EUVD-2026-14388
A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploi...
CVE-2026-4580 code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
EUVD-2026-14355
A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /viewcustomers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The...
EUVD-2026-14365
A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. The exploit is now...
EUVD-2026-14359
A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /viewproduct.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack m...
PT-2026-27208
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...
PT-2026-27109
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
Simple E-Learning System SQL Injection Vulnerability
Simple E-Learning System is a simple e-learning system developed by Carlo Montero. Version 1.0 of Simple E-Learning System has a SQL injection vulnerability. This vulnerability arises from improper handling of the postid parameter in the HTTP GET Parameter Handler component located in the file...
MB Connect Line mbCONNECT24 SQL Injection Vulnerability
MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports features such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability. This vulnerability stems from...
WWBN AVideo SQL Injection Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the Subscribe::save method not properly cleaning or parameterizing the usersid attribute, allowing...
PT-2026-27051
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple E-learning System version 1.0. Description: A SQL injection issue exists in the User Profile Update Handler component. The manipulation of the firstName argument can lead to SQL injection. The exploit is publicly available...
wvp-GB28181-pro SQL Injection Vulnerability
WVP-GB28181-pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-pro 2.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from a SQL injection vulnerability in the selectAll function within the Stream Proxy Query Handler...
WWBN AVideo SQL Injection Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of SQL queries within the onpublish.php callback function, which coul...
PT-2026-27150
A flaw has been found in erupts erupt up to 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...
WWBN AVideo SQL Injection Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the allCategories method in the objects/category.php file, which had unvalidated SQL injections. As ...