CVE-2026-25378

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...

CVE-2026-2690 itsourcecode Event Management System Admin Login ajax.php sql injection

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...

PT-2026-20645

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis not.php. This manipulation of the argument comp id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

PT-2026-20865

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin versions prior to 2.4.15 Description The wpForo Forum plugin for WordPress is susceptible to time-based SQL Injection through the wpfob parameter. Insufficient escaping of user-supplied input and inadequate SQL query...

PT-2026-20561

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. The issue is located in the /admin/manage booking.php file, within an unknown function. Manipulation...

NesterSoft WorkTime 安全漏洞

NesterSoft WorkTime is a project tracking software developed by the Canadian company NesterSoft. NesterSoft WorkTime has a security vulnerability, which stems from an SQL injection vulnerability in the widget API endpoint. This vulnerability could lead to data leaks or the execution of arbitrary...

Delinea Cloud Suite 安全漏洞

Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Versions of Delinea Cloud Suite prior to 25.2 HF1 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements within SQL...

itsourcecode Event Management System SQL注入漏洞

itsourcecode Event Management System is an open-source event management system developed by itsourcecode. Version 1.0 of the itsourcecode Event Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the...

PT-2026-20957

Tanium addressed a SQL injection vulnerability in Asset...

Delinea Cloud Suite 安全漏洞

Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Delinea Cloud Suite has a security vulnerability that stems from improper handling of special elements within SQL commands, which may lead to SQL injection attacks...

PT-2026-20389

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

CVE-2025-7631

CVE-2025-7631 affects Tumeva News Software (Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co.) through version 17022026. The issue is improper neutralization of special elements used in SQL commands (SQL Injection). CVSS 3.1: AV:N/AC:L/PR:N/UI:N/...

CVE-2025-67102

The vulnerability described (CVE-2025-67102) affects Jorani up to version 1.0.4, specifically the alldayoffs feature. It is a SQL injection flaw exploitable by an authenticated attacker via the entity parameter, enabling arbitrary SQL execution. The provided documents do not specify affected envi...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

PT-2026-20339

Name of the Vulnerable Software and Affected Versions Sciyon Koyuan Thermoelectricity Heat Network Management System version 3.0 Description A security issue exists in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. The manipulation of the PGUID argument in the file...

PT-2026-8401

Name of the Vulnerable Software and Affected Versions Tumeva News Software versions through 17022026 Description The software contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential data exposure through attacks. The vend...

WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability

Authenticated Administrator+ SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions = 1.19.2...

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the term parameter in SQL LIKE clauses within the global search functionality, which allows an attacker to inject malicious SQL queries and extract sensitive data through time-based...

CVE-2025-69633

CVE-2025-69633 is a SQL injection vulnerability in the PrestaShop Advanced Popup Creator module, affecting versions 1.1.26–1.2.6 (fixed in 1.2.7). The flaw allows remote, unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller, with the ...