SourceCodester Simple Doctors Appointment System SQL注入漏洞

SourceCodester Simple Doctors Appointment System is an easy doctor appointment system developed under the open-source framework of SourceCodester. Version 1.0 of the SourceCodester Simple Doctors Appointment System has a SQL injection vulnerability. This vulnerability arises from incorrect handli...

PT-2026-29215

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

VulnCheck KEV: CVE-2025-54726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through 6.1.6...

PT-2026-29190

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

VulnCheck KEV: CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...

Code-Projects Student Membership System SQL注入漏洞

Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability stems from unknown issues in the user registration processing program,...

PT-2026-29408

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...

SourceCodester Teacher Record System SQL注入漏洞

The SourceCodester Teacher Record System is an open-source teacher record system developed by SourceCodester. Version 1.0 of the SourceCodester Teacher Record System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the 'searchteacher' parameter, which may le...

PT-2026-29407

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is...

EUVD-2026-17216

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-5150

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewincostumer.php of the component Parameter Handler. Such manipulation of the argument cosid leads to sql injection. The attack can be launched remotely. Th...

CVE-2026-5150

CVE-2026-5150 affects code-projects Accounting System 1.0, specifically the Parameter Handler’s handling of cos_id in the file /viewin_costumer.php. The issue allows manipulation of cos_id leading to an SQL injection, with the attack possible remotely and the exploit publicly disclosed. The avail...

CVE-2026-5148

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-5148 YunaiV yudao-cloud page sql injection

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-5148 YunaiV yudao-cloud page sql injection

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-5148

CVE-2026-5148 affects YunaiV yudao-cloud (up to 2026.01). The vulnerability is in the /admin-api/system/mail-log/page path, caused by manipulation of the toMail argument that leads to SQL injection. It can be triggered remotely; a public exploit is available. The vendor was contacted early but di...

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

EUVD-2026-17206

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

CVE-2026-31799

CVE-2026-31799 affects Tautulli (Python-based Plex monitor) where the /api/v2?cmd=get_home_stats endpoint passes query parameters (section_id, user_id, before, after) directly into SQL via Python %-string formatting without parameterization, from versions 2.14.2–2.16.x (before 2.17.0) for certain...