WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.42 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by type5afe in WordPress Plugin Form Maker by 10Web versions = 1.15.42...

WordPress AWP Classifieds plugin < 4.4.6.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hunter Jensen skid in WordPress Plugin AWP Classifieds versions 4.4.6.1...

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...

CVE-2026-3359

The CVE-2026-3359 entry concerns the WordPress plugin Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder. Affected component: the inputs parameter used in SQL queries. Root cause: insufficient escaping and lack of adequate query preparation, allowing unauthenticated attackers ...

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

EUVD-2026-26832

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

EUVD-2026-26778

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

GHSA-Q57J-RWWX-7RWP MixPHP Framework has an SQL injection vulnerability via crafted `data` array

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

SQLInjection

Projekt Edukacyjny: Podatności SQL Injection Niniejsze repozy...

WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Order Delivery Date for WooCommerce versions = 4.5.1...

CVE-2026-22336

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Directorist Booking allows SQL Injection.This issue affects Directorist Booking: from n/a before 3.0.2...

PT-2026-35505

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper...

GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions = 28.1.6...

EUVD-2026-23918

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page index.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database...

Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

EUVD-2026-23797

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5963 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-39111

CVE-2026-39111 concerns an SQL injection vulnerability in the Apartment Visitors Management System V1.1. The flaw is triggered in the forgot-password.php page via the email parameter, allowing an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data. The conn...