CVE-2026-21892

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...

UBUNTU-CVE-2026-21892

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...

Exploit for SQL Injection in Djangoproject Django

No d...

CVE-2026-0699 code-projects Intern Membership Management System edit_activity.php sql injection

A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/editactivity.php. Performing a manipulation of the argument activityid results in sql injection. Remote exploitation of the attack is possible. The exploi...

PT-2026-1829

Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk versions 18.34 Description A SQL injection issue exists due to the improper handling of user-supplied data. Specifically, the hfInventoryDistFormID parameter within the...

WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nabil Irawan in WordPress Plugin Media Search Enhanced versions = 0.9.1...

CVE-2025-13652 CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

PT-2026-1429

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress versions through 10.3.1 Description The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is susceptible to time-based SQL Injection. This ...

EUVD-2026-0840

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7...

CVE-2026-0591

Code-projects Online Product Reservation System 1.0 contains a SQL injection vulnerability in the Cart Update Handler, specifically in the /app/checkout/update.php file’s unknown function. Manipulating the id/qty parameter can trigger the injection, enabling remote exploitation. Public exploit/Po...

CVE-2025-30633

CVE-2025-30633 affects the WordPress plugin Woozone Contextual Amazon Native Shopping Recommendations (WordPress Native Shopping Recommendations) up to version 1.3. Description confirms an improper neutralization of special elements in SQL commands, i.e., an SQL Injection vulnerability. Affected ...

CVE-2026-0583

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...

EUVD-2026-0905

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

EUVD-2026-0918

A vulnerability was identified in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssmpro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can ...

FreeBPX < 16.0.92 Multiples Vulnerabilities

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.92 or 17.x prior to 17.0.6. It is, therefore, affected by multiples vulnerabilities : - An arbitrary file upload vulnerability in the FreePBX Endpoint Management module affecting th...

PT-2026-1260

Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A security issue exists in code-projects Online Product Reservation System 1.0. The issue involves the manipulation of the transaction id argument within the GET Parameter...

PT-2026-1289

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 24.04.0 through 24.04.3 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 25.10.0 through 25.10.2 Description A flaw exists in Centreon Infra Monitoring Awie export...

PT-2026-1226

Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform allows authenticated remote attackers to inject arbitrary SQL commands, potentially enabling them to read database contents...

hosporder SQL注入漏洞

hosporder is a hospital appointment registration system by the individual developer Xiaohao.Shi in China. A SQL injection vulnerability exists in hosporder 627f426331da8086ce8fff2017d65b1ddef384f8 and earlier versions, which stems from an incorrect manipulation of the parameter hospitalAddress/...

WordPress plugin Entrada SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...