Digiwin EasyFlow .NET Security Vulnerability
Digiwin EasyFlow .NET is an enterprise-level workflow management platform developed by Digiwin in Taiwan, China. Digiwin EasyFlow .NET contains a security vulnerability that stems from SQL injection. This vulnerability could allow unauthenticated remote attackers to inject arbitrary SQL...
PT-2026-33726
Name of the Vulnerable Software and Affected Versions: EasyFlow .NET, affected versions not specified. Description: A SQL Injection flaw allows unauthenticated remote attackers to inject arbitrary SQL commands. This can lead to the unauthorized reading, modification, and deletion of database contents...
CVE-2026-39109
CVE-2026-39109 : SQL injection in the Apartment Visitors Management System V1.1, specifically in the username parameter of login (index.php). This unauthenticated vulnerability allows an attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents. Con...
PT-2026-33816
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page index.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database...
SQL Injection
PraisonAI is vulnerable to SQL Injection. The vulnerability is due to unsafe concatenation of the tableprefix configuration value into SQL queries without validation, which allows an attacker to inject arbitrary SQL and manipulate or access database contents...
SQL Injection
Overview dagster-snowflake-polars is a Package for integrating Snowflake and Polars with Dagster. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
CVE-2025-15625
Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases...
CVE-2025-15625
CVE-2025-15625 involves the Sparx Pro Cloud Server where an unauthenticated user can execute arbitrary SQL commands in certain cases. Affected product: Sparx Pro Cloud Server (unspecified version in the provided documents). Impact is described as high across confidentiality, integrity, and availa...
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
Sparx Systems Sparx Pro Cloud Server Security Vulnerability
Sparx Systems Sparx Pro Cloud Server is a modeling and service platform developed by the Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. Sparx Pro Cloud Server contains a security vulnerability that allows unauthenticated users to execut...
CVE-2026-40900
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...
CVE-2026-33207
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...
CVE-2026-33083
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...
CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...
EUVD-2026-23258
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...
CVE-2026-3489 DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
SourceCodester Payroll Management and Information System Security Vulnerability
SourceCodester Payroll Management and Information System is an open-source payroll management and information system developed by SourceCodester. Version 1.0 of SourceCodester Payroll Management and Information System contains a security vulnerability, which stems from the file...
PT-2026-33327
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Music Cloud Community System version 1.0. Description: SQL Injection is possible in the file '/music/view playlist.php'. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
CVE-2026-37343
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...