CVE-2026-27681

CVE-2026-27681 is an SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse caused by insufficient authorization checks. An authenticated user can submit crafted SQL statements to read, modify, and delete data, affecting confidentiality, integrity, and a...

PT-2026-32835

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper neutralization of special elements used in an sql command SQL injection allows an authorized attacker to elevate privileges locally. SQL injection is a technique where an attacker...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.133 contained security vulnerabilities, which were caused by SQL identifier injections in the SQLiteConversationStore. These vulnerabilities could lead to unauthorized data...

PT-2026-32653

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

PT-2026-32632

CVE-2026-37591 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view details.php. https://t.co/zFz4555XYZ...

SourceCodester Patient Appointment Scheduler System 安全漏洞

The SourceCodester Patient Appointment Scheduler System is an open-source system developed by SourceCodester. Version 1.0 of the SourceCodester Patient Appointment Scheduler System contains a security vulnerability. This vulnerability stems from an SQL injection issue in the file...

SourceCodester Patient Appointment Scheduler 安全漏洞

SourceCodester Patient Appointment Scheduler is an open-source patient appointment scheduling tool developed by SourceCodester. Version 1.0 of the SourceCodester Patient Appointment Scheduler contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the fi...

CVE-2026-37595

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/manageemployee.php...

SAP Business Planning and Consolidation和SAP Business Warehouse SQL注入漏洞

SAP Business Planning and Consolidation, as well as SAP Business Warehouse, are products of the German company SAP. SAP Business Planning and Consolidation is a business planning and integration software. This software provides features for budget preparation, forecasting, and financial...

EUVD-2026-22004

Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/viewarchive.php...

simple-ids

Simple IDS - Intrusion Detection System !License: MIThttp...

CVE-2026-6188

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=deletesales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and...

EUVD-2026-21922

Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/viewcategory.php...

EUVD-2026-21876

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

EUVD-2026-21874

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

CVE-2026-6163

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

CVE-2026-6167 code-projects Faculty Management System subject-print.php sql injection

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-3830 Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

EUVD-2026-21778

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

EUVD-2026-21780

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...