216683 matches found
PT-2026-28528
Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.158 Group-Office versions prior to 25.0.92 Group-Office versions prior to 26.0.17 Description Group-Office is an enterprise customer relationship management and groupware tool. An authenticated SQL Injection...
PT-2026-28692
Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0 Description A flaw exists in itsourcecode Free Hotel Reservation System version 1.0 that may allow for SQL injection. The issue is located in the file /admin/mod room/index.php?view=edit...
CVE-2026-30533
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...
CVE-2026-30533
CVE-2026-30533 targets SourceCodester Online Food Ordering System v1.0. The vulnerability is a SQL Injection in admin/manage_product.php via the id parameter. Reported metrics show CVSS v3.1 base score 9.8 (CRITICAL, NETWORK vector, no user interaction). Affected component: admin/manage_product.p...
CVE-2026-30532
CVE-2026-30532 describes a SQL Injection vulnerability in SourceCodester Online Food Ordering System v1.0, exposed via the admin/view_product.php file when using the id parameter. The vulnerability is documented as affecting the admin view_Product flow, with the root cause being unsafe constructi...
CVE-2026-30530
CVE-2026-30530 is a SQL Injection flaw in SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_customer) where the username input is not properly sanitized. The issue, confirmed by NVD and corroborated by Red Hat, ENISA EUVD, CNNVD, CNNVD mirrors, and other feeds, al...
CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stems from the getLike method in objects/like.php, which directly appends the videosid value to the SQL que...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contain an SQL injection vulnerability. This vulnerability stems from the Liveschedule::keyExists method, which does not protect parameterized queries, potentially allowing...
PT-2026-28673
Name of the Vulnerable Software and Affected Versions Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44 Description A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the /RemoteFormat.do...
Code-Projects Social Networking Site SQL注入漏洞
Code-Projects Social Networking Site is an open-source social networking site developed by Code-Projects. Version 1.0 of Code-Projects Social Networking Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file deletephotos.php, whic...
PT-2026-28627
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet is open source device management software susceptible to a SQL injection issue in its MDM bootstrap package configuration. An authenticated user possessing Team Admin or Global Admin privileges...
PT-2026-28626
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet is open source device management software susceptible to a second-order SQL injection in its Apple MDM profile delivery pipeline. An attacker possessing a valid MDM enrollment certificate could...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a fully open-source J2EE system developed by MingSoft Corporation. Versions of MingSoft MCMS 5.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the net/mingsoft/cms/action/web/ContentAction.java file, which may lead to SQL...
CVE-2026-4825
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /updatesales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...
CVE-2026-33909
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
CVE-2026-33713
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...
CVE-2026-33910
OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...
EUVD-2026-16305
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...
CVE-2026-33545
MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...