CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

CVE-2026-31920

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through = 1.2.2...

CVE-2026-25340 WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

PT-2026-27813

Name of the Vulnerable Software and Affected Versions Lisfinity Core versions n/a through 1.5.0 Description A flaw exists in pebas Lisfinity Core lisfinity-core that allows for SQL Injection. This occurs due to improper neutralization of special elements used in an SQL command. The issue affects...

PT-2026-28150

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

WordPress plugin Lisfinity Core SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27995

Name of the Vulnerable Software and Affected Versions Product Rearrange for WooCommerce versions n/a through 1.2.2 Description The software contains a flaw due to improper neutralization of special elements within an SQL command, leading to a potential SQL injection issue. Specifically, the...

PT-2026-28074

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.14.1 n8n versions prior to 2.13.3 n8n versions prior to 1.123.26 Description n8n is a workflow automation platform. A user authenticated with permissions to create or modify workflows could leverage the "Combine by SQL"...

PT-2026-27878

Name of the Vulnerable Software and Affected Versions WPFactory Advanced WooCommerce Product Sales Reporting versions through 4.1.3 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This...

WordPress plugin ElementInvader Addons for Elementor SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-27881

Name of the Vulnerable Software and Affected Versions ElementInvader Addons for Elementor versions n/a through 1.4.2 Description The software contains a flaw due to improper neutralization of special elements within an SQL command, leading to a potential SQL injection. Specifically, the...

CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

SQL Injection

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection via the field name parameters of the aggregate $group pipeline stage or the distinct operation in the PostgreS...

EUVD-2019-20016

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

EUVD-2019-20020

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

CVE-2019-25641

The vulnerability is in Netartmedia Vlog System. An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL via the email parameter in the forgotten_password module (POST to index.php). This can expose sensitive data (as per description) and is categorized w...

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

PT-2026-27521

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...