GHSA-38CW-85XC-XR9X Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...
CVE-2025-70892
CVE-2025-70892 affects Phpgurukul Cyber Cafe Management System v1.0. A SQL Injection flaw exists in the user management module via the add-users.php endpoint, specifically in the username parameter where input is not properly validated. This vulnerability is described across multiple sources (NVD...
CVE-2025-37181 Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...
CVE-2025-37182
CVE-2025-37182 affects EdgeConnect SD-WAN Orchestrator Web-Based Management Interface. The vulnerability is a SQL injection in the authenticated web interface, allowing an attacker with valid credentials to execute arbitrary SQL commands on the underlying database, with potential for unauthorized...
CVE-2025-14615 DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection
The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...
CVE-2025-51567
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands and gain unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...
WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Lead Capturing Pages versions <= 2.5...
CVE-2025-67811
Area9 Rhapsode 1.47.3 is vulnerable to SQL Injection via multiple API endpoints accessible to authenticated users due to insufficient input validation. Impacted: unauthorized database access and potential data compromise. Mitigation: upgrade to v1.47.4 or later (fixed in 1.47.4+). This CVE (CVE-2...
github docs security vulnerability
github docs is a software application. A security vulnerability exists in github docs version 2.02.36 and earlier, which stems from incorrect handling of the parameter searchWord in the file src/com/DocSystem/mapping/ReposAuthMapper.xml, which could lead to an SQL injection attack...
EUVD-2026-1034
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...
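Two of the entries above describe the same root cause in two forms: the Parsl one builds SQL text with Python's `%` operator from a value in the URL, and the Veramo one takes a column name for the order clause from the request. The example below is added here and is not code from Parsl, Veramo or any project on this page; it uses an in-memory sqlite3 table with made-up names and values, shows each vulnerable pattern beside its fix, and includes a constructed ORDER BY probe to show why an unchecked column name is enough for blind extraction even though values in a WHERE clause would be safely bound by placeholders (identifiers cannot be bound, so the only fix there is an allow-list).

```python
import sqlite3

# Constructed in-memory table standing in for an application database; the names
# and values are made up for this example and belong to none of the listed projects.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE workflow (id TEXT PRIMARY KEY, owner TEXT, secret TEXT);
        INSERT INTO workflow VALUES ('wf-1', 'zoe', 's3cr3t-zoe');
        INSERT INTO workflow VALUES ('wf-2', 'bob', 's3cr3t-bob');
        """
    )
    return conn


def lookup_vulnerable(conn, workflowid):
    # The pattern described for parsl-visualize: a value taken from the URL route is
    # spliced into the SQL text with the % operator, so a quote inside it ends the
    # string literal and everything after it is parsed as SQL.
    sql = "SELECT id, owner FROM workflow WHERE id = '%s'" % workflowid
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, workflowid):
    # Bound parameter: the driver passes the value separately from the SQL text.
    sql = "SELECT id, owner FROM workflow WHERE id = ?"
    return conn.execute(sql, (workflowid,)).fetchall()


def list_ordered_vulnerable(conn, column):
    # The pattern described for the Veramo data store: the ORDER BY column comes
    # from the request and is interpolated without validation.
    return conn.execute("SELECT id, owner FROM workflow ORDER BY %s" % column).fetchall()


# Identifiers cannot be bound with ? placeholders, so an attacker-chosen column
# name must be checked against the fixed set of names the query may use.
ALLOWED_ORDER_COLUMNS = frozenset({"id", "owner"})
ALLOWED_DIRECTIONS = frozenset({"ASC", "DESC"})


def safe_order_column(column):
    return column in ALLOWED_ORDER_COLUMNS


def list_ordered_fixed(conn, column, direction="ASC"):
    direction = direction.upper()
    if not safe_order_column(column) or direction not in ALLOWED_DIRECTIONS:
        raise ValueError("order column/direction not allowed")
    # Formatting is safe here: both tokens come from our own constant sets.
    sql = "SELECT id, owner FROM workflow ORDER BY %s %s" % (column, direction)
    return conn.execute(sql).fetchall()


# Constructed blind ORDER BY probe: the resulting row order reveals whether the
# secret of wf-1 starts with 's' (sort by owner if true, by id if false).
ORDER_PROBE = (
    "CASE WHEN (SELECT secret FROM workflow WHERE id = 'wf-1') LIKE 's%' "
    "THEN owner ELSE id END"
)


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "' OR '1'='1"))      # both rows: injected tautology
    print(lookup_fixed(db, "' OR '1'='1"))           # []: the payload is just an id value
    print(list_ordered_vulnerable(db, ORDER_PROBE))  # wf-2 first => secret starts with 's'
    try:
        list_ordered_fixed(db, ORDER_PROBE)
    except ValueError as err:
        print("rejected:", err)
```

Note that the probe needs no quote characters at all, so escaping the input (the "inadequate escaping" framing used in several entries above) would not have stopped it; only refusing anything outside the allow-list does.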
CVE-2025-67928
CVE-2025-67928 affects the Automotive Listings plugin/theme. It is an SQL Injection vulnerability (improper neutralization of input) allowing a blind SQL injection in Automotive Listings, potentially impacting the product up to version 18.6. The CVSS 3.1 vector indicates Network attack, with high...
WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WooCommerce Orders & Customers Exporter versions <= 5.4...
WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Ninja Tables versions <= 5.2.4...
PT-2026-1403
Name of the Vulnerable Software and Affected Versions Page Expire Popup/Redirection for WordPress plugin versions prior to 1.0 Description The Page Expire Popup/Redirection for WordPress plugin is susceptible to a time-based SQL Injection issue. This is due to inadequate escaping of user-supplied...
payload-labkit
payload-labkit Greetings, security practitioner! Here are three lists...
CVE-2025-39484 WordPress Entrada Theme <= 5.7.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection. This issue affects Entrada: from n/a through 5.7.7...
WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Automotive Listings versions <= 18.6...
CVE-2026-0590 code-projects Online Product Reservation System POST Parameter delete.php sql injection
A vulnerability was found in code-projects Online Product Reservation System 1.0. The affected element is an unknown function in the file /app/checkout/delete.php of the POST Parameter Handler component. Manipulation of the argument ID leads to SQL injection. It is possible to initiate th...