ROS-20260417-73-0048

Vulnerability in glpi related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

CVE-2026-33207

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

EUVD-2026-23258

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...

CVE-2026-3489 DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

PT-2026-33327

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Music Cloud Community System version 1.0 Description SQL Injection is possible in the file '/music/view playlist.php'. Recommendations At the moment, there is no information about a newer version that contains a fix for...

SourceCodester Payroll Management and Information System 安全漏洞

SourceCodester Payroll Management and Information System is an open-source payroll management and information system developed by SourceCodester. Version 1.0 of SourceCodester Payroll Management and Information System contains a security vulnerability, which stems from the file...

CVE-2026-37343

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...

PT-2026-33331

Name of the Vulnerable Software and Affected Versions SourceCodester Vehicle Parking Area Management System version 1.0 Description An issue exists in the file '/parking/manage category.php' that allows for SQL Injection, a technique where malicious SQL statements are inserted into entry fields f...

PT-2026-33336

Name of the Vulnerable Software and Affected Versions SourceCodester Payroll Management and Information System version 1.0 Description An issue exists where the application is susceptible to SQL Injection, a technique that allows an attacker to interfere with the queries that an application makes...

CVE-2026-37336

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewmusic.php...

SourceCodester Simple Music Cloud Community System 安全漏洞

SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewmusic.php being...

Cisco Unity Connection Web Management Interface SQL Injection Vulnerability

Cisco Unity Connection is a unified communications messaging platform that focuses on providing voicemail and messaging capabilities. An SQL injection vulnerability exists in Cisco Unity Connection. The vulnerability stems from insufficient validation of user-supplied input and can be exploited b...

EUVD-2026-22955

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

CVE-2026-40745

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

CVE-2026-40745 WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

CVE-2026-40745

The CVE-2026-40745 entry describes an SQL Injection vulnerability in the bdthemes Element Pack Elementor Addons (bdthemes-element-pack-lite) for WordPress, affecting versions up to 8.4.2. The root cause is improper neutralization of special elements used in an SQL command, leading to potential bl...

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...