Lucene search

6205 matches found

CNNVD
added 2026/03/02 12:0 a.m. | 3 views

Code-Projects Simple Gym Management System Security Vulnerability

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System contains a security vulnerability, which stems from an SQL injection vulnerability in the file /gym/trainersearch.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00049
Exploits 1 | References 2
EUVD
added 2026/03/02 12:0 a.m. | 2 views

EUVD-2026-9221

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/viewsupplier.php...

AI score 6 | EPSS 0.00018
Exploits 1 | References 1
CVE
added 2026/02/28 9:47 p.m. | 14 views

CVE-2026-28562

CVE-2026-28562 affects wpForo 2.4.14. The vulnerability is an unauthenticated SQL injection in Topics::get_topics(), where the ORDER BY clause relies on insufficient esc_sql() sanitization for unquoted identifiers. An attacker can craft wpfob payloads (e.g., using CASE WHEN) to perform blind bool...

CVSS 9.8 | AI score 6 | EPSS 0.00014
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2026/02/28 2:0 p.m. | 3 views

CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection. This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

CVSS 9.8 | AI score 6 | EPSS 0.0006
Exploits 0 | References 1
EUVD
added 2026/02/27 3:34 p.m. | 3 views

EUVD-2025-208138

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not...

CVSS 9.8 | AI score 5.9 | EPSS 0.00016
Exploits 0 | References 2
NVD
added 2026/02/27 12:16 p.m. | 3 views

CVE-2025-11251

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

CVSS 9.8 | EPSS 0.00016
Exploits 0 | References 2
EUVD
added 2026/02/27 6:31 a.m. | 4 views

EUVD-2026-8996

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVSS 6.5 | AI score 5.2 | EPSS 0.00013
Exploits 1 | References 5
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

Doditsolutions Homey BNB SQL Injection Vulnerability

Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the id parameter being susceptible to SQL injections, which may allow unverified attackers to extra...

CVSS 8.8 | AI score 5.8 | EPSS 0.00098
Exploits 1 | References 4
CNNVD
added 2026/02/27 12:0 a.m. | 4 views

osCommerce SQL Injection Vulnerability

osCommerce is a set of open-source e-commerce solutions developed by osCommerce Inc., licensed under the GNU GPL. Version 2.3.4.1 of osCommerce contains a SQL injection vulnerability. This vulnerability stems from the reviewsid parameter, which allows for SQL injections, potentially enabling...

CVSS 8.8 | AI score 5.9 | EPSS 0.00138
Exploits 1 | References 4
Positive Technologies
added 2026/02/27 12:0 a.m. | 2 views

PT-2026-22335

Name of the Vulnerable Software and Affected Versions: Dayneks Software Industry and Trade Inc. E-Commerce Platform versions through 27022026. Description: The Dayneks Software Industry and Trade Inc. E-Commerce Platform is affected by an Improper Neutralization of Special Elements used in an SQL...

CVSS 9.8 | AI score 6.2 | EPSS 0.00016
Exploits 0 | References 10
Positive Technologies
added 2026/02/27 12:0 a.m. | 3 views

PT-2026-22360

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

CVSS 8.8 | AI score 6 | EPSS 0.00098
Exploits 1 | References 4
OSV
added 2026/02/26 9:28 p.m. | 0 views

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

CVSS 8.8 | AI score 6.5
Exploits 0 | References 3
ATTACKERKB
added 2026/02/26 9:2 p.m. | 4 views

CVE-2026-3261

A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...

CVSS 9.8 | AI score 6.9 | EPSS 0.00045
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2026/02/26 7:52 p.m. | 20 views

CVE-2026-27149 Discourse has SQL injection in PM tag filtering

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering listprivatemessagestag allows bypassing tag filter conditions, potentially disclosing unauthorized private message metadata. Versions 2025.12.2, 2026.1.1, and...

CVSS 7.1 | EPSS 0.00053
Exploits 0 | References 1
OSV
added 2026/02/26 3:56 p.m. | 3 views

GHSA-F3F2-MCXC-PWJX n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

Impact: An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...

CVSS 8.2 | AI score 5.8
Exploits 0 | References 4
OSV
added 2026/02/25 11:7 p.m. | 1 view

GO-2026-4531 New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api...

CVSS 7.1 | AI score 5.8 | EPSS 0.00022
Exploits 1 | References 4
RedhatCVE
added 2026/02/25 10:16 p.m. | 2 views

CVE-2026-21410

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution...

CVSS 9.8 | AI score 6.2 | EPSS 0.00575
Exploits 0 | References 1
Snyk
added 2026/02/25 9:23 p.m. | 3 views

Arbitrary Code Injection

Overview: n8n-nodes-base is the package of base nodes for n8n. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's SQL query mode. An attacker can execute arbitrary code and write arbitrary files on the server by crafting malicious workflows after authenticating with...

CVSS 9.9 | AI score 6.4 | EPSS 0.00076
Exploits 0 | References 3
ATTACKERKB
added 2026/02/25 8:2 p.m. | 3 views

CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVSS 7.5 | AI score 5.8 | EPSS 0.00073
Exploits 0 | References 9 | Affected Software 1
CVE
added 2026/02/25 6:14 p.m. | 10 views

CVE-2026-24908

OpenEMR vulnerability CVE-2026-24908: Prior to v8.0.0, an SQL injection flaw in the Patient REST API endpoint allows authenticated API users to inject arbitrary SQL via the _sort parameter. This can lead to database access and exposure of PHI and credentials. A fix is available in v8.0.0. No expl...

CVSS 9.9 | AI score 6.1 | EPSS 0.00002
Exploits 1 | References 2 | Affected Software 1