PT-2026-6693

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System that allows for remote SQL injection. The issue is located in the /ramonsys/enrollment/controller.php file, specifically...

PT-2026-6822

Name of the Vulnerable Software and Affected Versions eLection version 2.0 Description The software contains an authenticated SQL injection issue in the candidate management endpoint. Attackers can manipulate database queries through the id parameter. Exploitation can be performed using SQLMap,...

SQL Injection

Overview @payloadcms/db-sqlite is a The officially supported SQLite database adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by...

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13379 A SQL Injection vulnerability has been addressed in IBM Aspera Console

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

EUVD-2026-5535

A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue...

CVE-2025-1823

IBM Jazz Reporting Service (Lifecycle Query Engine) contains CVE-2025-1823: an authenticated user with host-network access can trigger a denial of service by sending a specially crafted SQL query that consumes excessive memory. Affected versions are IBM Jazz Reporting Service 7.1 and 7.0.3 (7.1iF...

CVE-2025-1823 IBM Jazz Reporting Service Denial of Service

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

EUVD-2026-5360

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

UBUNTU-CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

CVE-2026-25056 n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

CVE-2026-25056

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

EUVD-2026-5510

The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVE-2025-15268 Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-15268

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

Martcode Delta Course Automation SQL注入漏洞

Martcode Delta Course Automation is an automated marketing and course management system developed by the Turkish company Martcode. Versions of Martcode Delta Course Automation prior to 04022026 contained a SQL injection vulnerability. This vulnerability stemmed from improper neutralization of...

PT-2026-5909

Name of the Vulnerable Software and Affected Versions Delta Course Automation versions through 04022026 Description Delta Course Automation is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized...

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...