PT-2026-32630

CVE-2026-37589 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage storage unit.php. https://t.co/2agb8gUwKW...

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...

school-management-system 安全漏洞

School-Management-System is a school management system developed by Shubham Kumar, an individual developer. Version 1.0 of School-Management-System has a security vulnerability. This vulnerability stems from improper handling of the sitemname POST parameter in the file...

CVE-2026-37602

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manageuser.php...

PT-2026-32655

CVE-2025-63939 Improper input handling in /Grocery/search products itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem name POST par… https://t.co/EsfS1EVZpb...

PT-2026-32631

CVE-2026-37590 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage rent.php. https://t.co/qyv3LzlzU6...

CVE-2026-37593

CVE-2026-37593 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The connected sources indicate a SQL Injection vulnerability in the file /wfh_attendance/admin/view_att.php. The CVE record provides a LOW severity (CVSSv3.1 base score 2.7) with attack vector NETWORK an...

PT-2026-32634

CVE-2026-37593 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/view att.php. https://t.co/c4uhTDec9s...

CVE-2026-37600

CVE-2026-37600 affects SourceCodester Patient Appointment Scheduler System v1.0. The vulnerability is a SQL Injection in the file /scheduler/admin/appointments/view_details.php. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N with a base score of 2.7 (LOW). According to the da...

CVE-2025-63939

CVE-2025-63939 affects the anirudhkannan Grocery Store Management System 1.0. The vulnerability is caused by improper input handling in /Grocery/search_products_itname.php, allowing SQL injection via the sitem_name POST parameter. The entry carries a CVSS v3.1 base score of 9.8 (CRITICAL) with NE...

PT-2026-32914

CVE-2026-33714 Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an inc… https://t.co/Zf7eLCVgfW...

Fortinet FortiManager sqli (FG-IR-26-111)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

Fortinet FortiAnalyzer sqli (FG-IR-26-111)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

EUVD-2026-22069

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVE-2026-32271

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...

CVE-2026-32272

Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fi...

CVE-2026-32272

Craft Commerce (Craft CMS) 5.0.0–5.5.4 contains an SQL injection in ProductQuery::hasVariant and VariantQuery::hasProduct that bypass the input sanitization blocklist in ElementIndexesController, re-introduced by using Craft::configure() on a subquery without sanitization. An authenticated contro...

CVE-2026-32272 Craft Commerce: Blind SQL Injection via hasVariant/hasProduct

Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fi...

CVE-2026-32271

CVE-2026-32271 affects Craft Commerce (Craft CMS) in versions 4.0.0–4.10.2 and 5.0.0–5.5.4, where an SQL injection in the Commerce TotalRevenue widget allows any authenticated control panel user to achieve remote code execution. The exploit involves unsanitized widget settings interpolated into S...