CVE-2026-30273

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

PandasAI 安全漏洞

PandasAI is an open-source Python library developed by PandasAI. It integrates artificial intelligence functions into pandas. Version 3.0.0 of PandasAI contains a security vulnerability, which stems from an SQL injection vulnerability in the pandasai.agent.base.executesqlquery component...

Payload SQL注入漏洞

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.79.1 contain an SQL injection vulnerability. This vulnerability arises from improper validation of certain request inputs, which may allow SQL queries to execute...

PT-2026-29412

Name of the Vulnerable Software and Affected Versions IBM Storage Protect Server and IBM Storage Protect Plus Server versions 8.2.0 Description IBM Storage Protect Server and IBM Storage Protect Plus Server are susceptible to SQL injection. A remote attacker could submit crafted SQL statements,...

CVE-2026-5206

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Paymentid/Amount/customerid/paymenttype/customername leads to sql injection. Remote exploitation...

CVE-2026-34220

CVE-2026-34220 affects mikro-orm (TypeScript ORM for Node.js). A SQL injection vulnerability exists in versions prior to 6.6.10 and 7.0.6, triggered when specially crafted objects are interpreted as raw SQL query fragments during ORM write APIs (e.g., wrap(entity).assign(userInput) followed by em...

CVE-2026-34214

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...

EUVD-2026-17399

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

EUVD-2026-17349

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

EUVD-2026-17351

A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /deletemember.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVE-2026-5195

The CVE-2026-5195 entry concerns code-projects Student Membership System 1.0, specifically the User Registration Handler. The issue is a SQL injection vulnerability exploitable via remote input manipulation. The provided metrics indicate CVSS v3.0/3.1/4.0 scores with high impact on confidentialit...

CVE-2026-32714

A SQL injection vulnerability was found in the KeyCache component of scitokens. The implementation constructs SQL queries using Python string formatting with user-controlled input such as issuer and key identifiers. An attacker could exploit this flaw by supplying crafted input that alters the...

SQL Injection

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to SQL Injection via the KeyCache class. An attacker can execute arbitrary SQL commands against the local SQLite database by supplying crafted input to parameters such as issuer and...

CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

PT-2026-29324

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the save loan action. The application fails to properly sanitize user input supplied to the "borrower id" parameter in a POST request, allowing ...

EUVD-2026-17137

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

EUVD-2026-17131

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

CVE-2026-5033

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...