233578 matches found
CVE-2026-44886
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...
CVE-2026-44680
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...
CVE-2026-44446
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...
CVE-2026-8912
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...
CVE-2026-35228
Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...
CVE-2024-33722
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
CVE-2026-11342
A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...
CVE-2026-11342 code-projects Hotel and Tourism Reservation System details.php sql injection
A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...
CVE-2026-11342 code-projects Hotel and Tourism Reservation System details.php sql injection
A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...
CVE-2026-11342
Vulnerability : In code-projects Hotel and Tourism Reservation System 1.0, the file /details.php is susceptible to SQL injection via the room parameter. Root cause : unsanitized input in the argument dispatched to an SQL query. Impact : exploitation can be performed remotely; CVSS metrics in sour...
CVE-2026-11342
A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...
GHSA-P8WX-5F39-W3X4 NocoDB: SQL Injection via Column Title in Bulk GroupBy
Summary An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...
GHSA-CXV7-GMMP-228P NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
Summary An authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during...
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
Summary An authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during...
Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not...
CVE-2026-11334
A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...
CVE-2026-44706
creationtimestamp| type| source ---|---|--- 2026-06-05 14:32:56+00:00| published-proof-of-concept| https://hakaisecurity.io/pt-br-cve-2026-44706-sql-injection-in-chatwoot-filterservice/research-blog/?utmmedium=rss 2026-06-05 14:32:56+00:00| published-proof-of-concept|...
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...
EUVD-2026-34839
A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...
CVE-2026-11334 tittuvarghese CollegeManagementSystem fetch.php sql injection
A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...