PT-2026-33725

Name of the Vulnerable Software and Affected Versions EasyFlow .NET affected versions not specified Description EasyFlow .NET developed by Digiwin contains a SQL Injection flaw. This allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database...

SQL Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVE-2026-6080

The CVE describes a SQL Injection in the WordPress Tutor LMS plugin (versions ≤ 3.9.8). Root cause: insufficient escaping on the 'date' parameter and direct interpolation into a SQL fragment before $wpdb->prepare(), enabling authenticated Admin+ attackers to append extra SQL queries and extrac...

CVE-2026-6080

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

CVE-2026-3330

The Form Maker by 10Web WordPress plugin (prepare(). Authenticated attackers with Administrator+ access can inject additional SQL into existing queries to exfiltrate data. The vulnerability can be triggered via CSRF because the Submissions controller skips nonce verification for the display task....

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability

Unauthenticated SQL Injection via 'options' Parameter Keys in productdata vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

CVE-2026-37341

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managecategory.php...

CVE-2026-37347

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewemployee.php...

SourceCodester Simple Music Cloud Community System 安全漏洞

SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewgenre.php being...

SourceCodester Simple Music Cloud Community System 安全漏洞

SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewuser.php being...

CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVE-2025-63029

Summary: CVE-2025-63029 is an SQL Injection vulnerability in the WordPress WCFM Marketplace plugin (also described as WC Lovers WCFM Marketplace) affecting versions up to 3.7.1. The root cause is improper neutralization of special elements in SQL commands. The NVD/CVE records confirm the issue an...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVE-2026-37594

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewemployee.php...

CVE-2026-27681 SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

EUVD-2026-22075

Craft Commerce has a SQL Injection can lead to Remote Code Execution via TotalRevenue Widget...

PT-2026-32630

CVE-2026-37589 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage storage unit.php. https://t.co/2agb8gUwKW...

CVE-2026-37589

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/managestorageunit.php...

EUVD-2026-22016

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SpeakOut! Email Petitions versions = 4.6.5...