6209 matches found

RedhatCVE
added 2026/02/25 10:16 p.m. | 2 views

CVE-2026-21410

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution...

CVSS 9.8 | AI score 6.2 | EPSS 0.00575
Exploits 0 | References 1

Snyk
added 2026/02/25 9:23 p.m. | 3 views

Arbitrary Code Injection

Overview: n8n-nodes-base is a package of base nodes for n8n. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's SQL query mode. An attacker can execute arbitrary code and write arbitrary files on the server by crafting malicious workflows after authenticating with...

CVSS 9.9 | AI score 6.4 | EPSS 0.00076
Exploits 0 | References 3

ATTACKERKB
added 2026/02/25 8:2 p.m. | 3 views

CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVSS 7.5 | AI score 5.8 | EPSS 0.00073
Exploits 0 | References 9 | Affected Software 1

CVE
added 2026/02/25 6:14 p.m. | 10 views

CVE-2026-24908

OpenEMR vulnerability CVE-2026-24908: Prior to v8.0.0, an SQL injection flaw in the Patient REST API endpoint allows authenticated API users to inject arbitrary SQL via the _sort parameter. This can lead to database access and exposure of PHI and credentials. A fix is available in v8.0.0. No expl...

CVSS 9.9 | AI score 6.1 | EPSS 0.00002
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2026/02/25 8:25 a.m. | 220 views

CVE-2026-2416 Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter

The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | EPSS 0.15896
Exploits 0 | References 4

EUVD
added 2026/02/25 6:31 a.m. | 4 views

EUVD-2026-8512

A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and...

CVSS 9.8 | AI score 5.4 | EPSS 0.00039
Exploits 1 | References 6

EUVD
added 2026/02/25 6:31 a.m. | 4 views

EUVD-2026-8511

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

CVSS 9.8 | AI score 5.4 | EPSS 0.00039
Exploits 1 | References 6

EUVD
added 2026/02/25 6:31 a.m. | 4 views

EUVD-2026-8509

A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...

CVSS 9.8 | AI score 5.4 | EPSS 0.00039
Exploits 1 | References 6

EUVD
added 2026/02/25 6:31 a.m. | 1 view

EUVD-2026-8609

The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

CVSS 9.8 | AI score 6.2 | EPSS 0.00192
Exploits 1 | References 5

Vulnrichment
added 2026/02/25 6:2 a.m. | 4 views

CVE-2026-3164 itsourcecode News Portal Project contactus.php sql injection

A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and...

CVSS 7.5 | AI score 5.4 | EPSS 0.00039
Exploits 1 | References 5

OSV
added 2026/02/25 5:17 a.m. | 2 views

CVE-2026-3149

A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument coursecode can lead to sql injection. The attack can be executed...

CVSS 8.8 | AI score 5.8
Exploits 0 | References 5

ATTACKERKB
added 2026/02/25 4:32 a.m. | 4 views

CVE-2026-3150

A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacherid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS 8.8 | AI score 5.4 | EPSS 0.00044
Exploits 1 | References 5 | Affected Software 1

OSV
added 2026/02/25 12:16 a.m. | 4 views

CVE-2026-3134

A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has be...

CVSS 9.8 | AI score 5.6 | EPSS 0.00045
Exploits 1 | References 5

Positive Technologies
added 2026/02/25 12:0 a.m. | 4 views

PT-2026-21871

Name of the Vulnerable Software and Affected Versions: itsourcecode College Management System version 1.0. Description: A flaw exists in itsourcecode College Management System 1.0. The issue is due to SQL injection within the /login/login.php file. Manipulating the email argument can lead to a...

CVSS 9.8 | AI score 7.1 | EPSS 0.00039
Exploits 1 | References 11

CNNVD
added 2026/02/25 12:0 a.m. | 4 views

itsourcecode College Management System SQL Injection Vulnerability

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...

CVSS 8.8 | AI score 6.6 | EPSS 0.00044
Exploits 1 | References 5

CNNVD
added 2026/02/25 12:0 a.m. | 4 views

SourceCodester Simple and Nice Shopping Cart Script SQL Injection Vulnerability

SourceCodester Simple and Nice Shopping Cart Script is an open-source shopping cart script developed by SourceCodester. Version 1.0 of the SourceCodester Simple and Nice Shopping Cart Script contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Username...

CVSS 9.8 | AI score 7.2 | EPSS 0.00039
Exploits 1 | References 5

CNNVD
added 2026/02/25 12:0 a.m. | 7 views

itsourcecode News Portal Project SQL Injection Vulnerability

itsourcecode News Portal Project is an open-source news portal project developed by itsourcecode. Version 1.0 of the itsourcecode News Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter pagetitle in the file admin/contactus.ph...

CVSS 9.8 | AI score 7.2 | EPSS 0.00039
Exploits 1 | References 5

CVE
added 2026/02/24 6:39 p.m. | 9 views

CVE-2026-3105

CVE-2026-3105 — Mautic is affected by a SQL injection vulnerability in the API endpoint that retrieves Contact Activity data. The root cause is improper validation of the sort direction parameter in the query construction for the Contact Activity timeline, allowing an authenticated user to inject...

CVSS 8.8 | AI score 6.1 | EPSS 0.0005
Exploits 0 | References 1 | Affected Software 1

Github Security Blog
added 2026/02/24 3:30 p.m. | 4 views

Apache Superset allows privileged users to conduct error-based SQL Injection

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 6.5 | AI score 5.7 | EPSS 0.00041
Exploits 2 | References 4 | Affected Software 1

NVD
added 2026/02/24 2:16 p.m. | 5 views

CVE-2026-23980

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 6.5 | EPSS 0.00041
Exploits 2 | References 2