SQL Injection

CKAN is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of input in datastoresearchsql, which allows an attacker to inject arbitrary SQL queries and gain access to private resources and PostgreSQL system information...

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8207

Gibbon up to version 30.0.01 is affected by an authenticated SQL injection via the Tracking/graphing feature in Tracking/graphing.php (line 145). Exploitation requires Teacher or higher privileges and can lead to unintended read/write access to the database. A fix is available in Gibbon v30.0.01;...

EUVD-2026-28880

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8128

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016806 advisory. An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.ext...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016807 advisory. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class...

Unity Linux 20.1050e / 20.1070e Security Update: python-PyMySQL (UTSA-2026-017341)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017341 advisory. PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict. Tenable has extracted the preceding...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016788 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing...

CVE-2026-42287

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

CVE-2026-42287

Summary: CVE-2026-42287 affects Emlog before version 2.6.11, where direct SQL injection in article creation and update can occur via the log_model.php functions addLog() and updateLog(). The underlying issue is unsafeguarded SQL construction that allows attackers to execute arbitrary SQL commands...

EUVD-2026-28842

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

SQL Injection

Overview @mikro-orm/sql is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via improper...

GHSA-CFW5-68C4-FFQP MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

[SECURITY] [DSA 6256-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6256-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq -...

[SECURITY] [DSA 6255-1] php8.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6255-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq -...