CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

Exploit for SQL Injection in Ghost

CVE-2026-26980 👻 Ghost CMS Unauthenticated SQLi via Content...

ANT-2026-H5T8XKWR · TryGhost/Ghost · sql-injection

sql-injection critical GHSA-w52v-v783-gw97 Severity Claude critical · Security research firm - · Maintainer critical Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-H5T8XKWR: SQL injection in Content API The Ghost Content API...

CVE-2026-4996

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

Prototype Pollution

Overview @mikro-orm/core is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to Prototype Pollution via the...

GHSA-QPFV-44F3-QQX6 MikroORM has Prototype Pollution in Utils.merge

A prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent special keys such as proto, constructor, or prototype, allowing attacker-controlled input to modify the JavaScript object prototype when...

SQL Injection

Overview @mikro-orm/mariadb is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via the...

GHSA-GWHV-J974-6FXM MikroORM is vulnerable to SQL Injection via specially crafted object

Summary MikroORM versions = 6.6.9 and = 7.0.5 are vulnerable to SQL injection when specially crafted objects are interpreted as raw SQL query fragments. Impact If user-controlled input is passed directly to MikroORM query construction APIs, an attacker may inject raw SQL fragments. This can lead ...

CVE-2026-5035

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /viewwork.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-5035 code-projects Accounting System Parameter view_work.php sql injection

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /viewwork.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-5035 code-projects Accounting System Parameter view_work.php sql injection

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /viewwork.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-5035

CVE-2026-5035 affects code-projects Accounting System 1.0, specifically the Parameter Handler’s file /view_work.php. The vulnerability arises from manipulation of the en_id argument, leading to a SQL injection. It is remotely exploitable and an exploit has been disclosed publicly. Multiple connec...

CVE-2026-5035

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /viewwork.php of the component Parameter Handler. Such manipulation of the argument enid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-5033

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...

CVE-2026-5034

A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5034 code-projects Accounting System Parameter edit_costumer.php sql injection

A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5034 code-projects Accounting System Parameter edit_costumer.php sql injection

A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5033 code-projects Accounting System Parameter view_costumer.php sql injection

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...

CVE-2026-5033 code-projects Accounting System Parameter view_costumer.php sql injection

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...

EUVD-2026-16959

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...