CVE-2026-32954
ERP is a free/open-source Enterprise Resource Planning tool. Versions prior to 15.100.0 and 16.8.0 contain time-based and boolean-based blind SQL injection in certain endpoints due to insufficient parameter validation, enabling attackers to infer database information. The issue is fixed in versio...
CVE-2026-4469
The CVE-2026-4469 entry concerns itsourcecode Online Frozen Foods Ordering System 1.0. The vulnerability resides in the admin_edit_menu_action.php logic where manipulating the product_name argument enables SQL injection. A remote attacker could exploit this, and public exploit code is indicated a...
CVE-2026-32888
Open Source Point of Sale is a web-based point-of-sale application written in PHP using the CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (searchcustom filter), user-supplied input from the search GET...
CVE-2026-32811 Heimdall: Path received via Envoy gRPC corrupted when containing query string
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...
CVE-2026-33289
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...
CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...
itsourcecode College Management System SQL injection vulnerability
itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Search” in the file...
Open Source Point of Sale SQL injection vulnerability
Open Source Point of Sale is an open-source sales point system based on the Open Source POS framework. Open Source Point of Sale has a SQL injection vulnerability; this vulnerability stems from the project’s search function, which allows for SQL injections, potentially leading to arbitrary SQL...
Admidio security vulnerability
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities; these vulnerabilities st...
PT-2026-26782
Name of the Vulnerable Software and Affected Versions
Parse Server versions prior to 8.6.55
Parse Server versions prior to 9.6.0-alpha.44
Description
An unauthenticated attacker can send a crafted HTTP request with a deeply nested query containing logical operators, causing the Parse Server proce...
itsourcecode Online Frozen Foods Ordering System SQL injection vulnerability
itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the parameter FirstName in the file admin/admin/editemployee.php. Th...
WeGIA SQL injection vulnerability
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions 3.6.5 and 3.6.6 of WeGIA contain SQL injection vulnerabilities. These vulnerabilities stem from a lack of content validation during the loading of SQL files by the loadBackupDB...
OneUptime SQL injection vulnerability
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of column name validation in multiple query...
AlmaLinux 10 : yggdrasil (ALSA-2026:5146)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:5146 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...
PT-2026-26564
A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin edit supplier.php. The manipulation of the argument Supplier Name leads to SQL injection. The attack can be initiated remotely. The...
SiYuan security vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan OpenSource. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the /api/search/fullTextSearchBlock endpoint, which could allow...
PT-2026-26563
A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin edit employee.php. Executing a manipulation of the argument First Name can lead to SQL injection. It is possible to launch the attack remotely. The exploit...
PT-2026-26762
Name of the Vulnerable Software and Affected Versions
Kysely versions prior to 0.28.14
Description
Kysely's DefaultQueryCompiler.sanitizeStringLiteral function inadequately escapes backslashes when handling string literals. Specifically, it only doubles single quotes but does not address...