CVE-2026-7435 SSCMS v7.4.0 SQL Injection via stl:sqlContent queryString

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

EUVD-2026-26437

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

SourceCodester Pet Grooming Management Software 注入漏洞

SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software contains a SQL injection vulnerability. This vulnerability stems from the handling of parameters type, lengt...

CVE-2026-6524

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

EUVD-2026-26290

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

CVE-2026-7391

CVE-2026-7391 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability lies in the function save_supplier in /ajax.php?action=save_supplier, where manipulation of the ID parameter enables SQL injection. This allows remote exploitation, and a public exploit has been publis...

PT-2026-35958

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete supplier of the file /ajax.php?action=delete supplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

PT-2026-36903

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description A flaw in the Oracle Database node's select operation allows user-controlled input passed into the Limit field via expressions to be...

PT-2026-35905

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n/a through = 3.44.0...

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter operations in the function savemenu within the file...

EUVD-2026-26072

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...

EUVD-2026-26056

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function deleteexpired of the file /ajax.php?action=deleteexpired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

EUVD-2026-26034

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function savecategory of the file /admin/ajax.php?action=savecategory. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been...

EUVD-2026-26011

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVE-2026-7228

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function getcartcount of the file /admin/ajax.php?action=getcartcount. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the ID parameter in the getcartcount function of the...

ProFTPD SQL注入漏洞

ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions of ProFTPD prior to 1.3.10rc1 contained a SQL injection vulnerability. This vulnerability originated from the modsql module. In scenarios where USER requests with extensions like %U are recorded...

VMware Spring AI SQL注入漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5 and 1.1.0 to 1.1.4 of VMware Spring AI contain SQL injection vulnerabilities. These...