CVE-2020-37051

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...

CVE-2025-36001 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

CVE-2026-1701 itsourcecode School Management System index.php sql injection

A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4686

CVE-2025-4686 concerns an SQL Injection in Kodmatic Computer Software’s Online Exam and Assessment product. The issue is described as improper neutralization of special elements used in SQL commands, enabling an injection that can impact confidentiality (low), integrity (low), and availability (h...

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

PT-2026-5430

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security issue exists in itsourcecode Student Management System 1.0 related to the processing of the file '/enrollment/index.php'. Manipulation of the ID argument can lead to SQL...

CVE-2025-69662

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

Security update for cacti, cacti-spine (critical)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2026:0033-1 Rating: critical References: 1231027 1231369 1231370 1231371 1231372 1236482 1236486 1236487 1236488 1236489 1236490 Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364...

PT-2026-5493

Name of the Vulnerable Software and Affected Versions Online-Exam-System version 2015 Description The software contains a SQL injection issue within the feedback module. Attackers can manipulate database queries by injecting malicious SQL code through the fid parameter. This could allow attackers...

Exploit for CVE-2025-10878

CVE-2025-10878-AdminPand...

CVE-2026-1594

A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/addexpenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The...

CVE-2026-1593

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexpensesquery.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The...

CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

Elaniin CMS SQL injection vulnerability

Elaniin CMS is an open-source content management system created using PHP and MySQL by Elaniin. Version 1.0 of Elaniin CMS has a SQL injection vulnerability; this vulnerability stems from SQL injections in the login page, which may lead to authentication bypass...

ROS-20260129-73-0044

Vulnerability in python-django related to failure to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...