16789 matches found
MAC-SQL SQL Injection Vulnerability
MAC-SQL is a multi-agent collaborative text-to-SQL framework developed by Bing’s individual developers. MAC-SQL has a SQL injection vulnerability, which stems from operations on parameters in the file core/agents.py, and could lead to SQL injection attacks...
PT-2026-30446
Name of the Vulnerable Software and Affected Versions: Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. Description: A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...
Code-Projects Simple Laundry System SQL Injection Vulnerability
Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a SQL...
Fortinet FortiClient EMS 7.4.4 SQLi (FG-IR-25-1142)
The version of Fortinet FortiClient EMS installed on the remote host is 7.4.4. It is, therefore, affected by a SQL injection vulnerability: - An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in FortiClientEMS 7.4.4 may allow an unauthenticated...
EUVD-2026-17206
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...
CVE-2026-33991
WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract($_REQUEST) on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...
CVE-2021-27320
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter...
CVE-2021-27946
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. issue 1 of 3...
CVE-2021-27999
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...
n8n SQL Injection Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...
CVE-2026-4777
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...
CVE-2026-4572
The CVE-2026-4572 entry identifies a vulnerability in SourceCodester Sales and Inventory System 1.0. The flaw affects the file /view_product.php, specifically the HTTP POST parameter searchtxt, where manipulation can lead to a SQL Injection. It is described as exploitable remotely and with a publ...
CVE-2026-31917
The CVE concerns the WordPress WP ERP plugin by weDevs (ERP component) with versions up to 1.16.10 exposed to SQL Injection due to improper neutralization of user input. The issue affects WP ERP from unspecified earlier versions through 1.16.10. The provided documents do not specify exploit detai...
PT-2026-24849
Name of the Vulnerable Software and Affected Versions: xierongwkhd weimai-wetapp versions up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. Description: A flaw exists in xierongwkhd weimai-wetapp. The issue affects the getLikeMovieList function within the file source-code/src/main/java/com/moke/wp/wx...
CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2025-69338
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection. This issue affects Riode Core: from n/a through = 1.6.26...
CVE-2026-3406
CVE-2026-3406 affects projectworlds Online Art Gallery Shop 1.0. The vulnerability resides in the Registration Handler’s file /admin/registration.php, in an unknown function, where manipulating the fname argument triggers SQL injection. It can be exploited remotely and exploits have been publicly...
Jinher OA C6 SQL Injection Vulnerability
Jinher OA C6 is a digital office platform developed by Jinher Corporation. Versions of Jinher OA C6 prior to 20260210 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “id” or “offsnum” in the file...
CVE-2025-69306
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection. This issue affects Electio Core: from n/a through = 1.4...