MB Connect Line mbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports features such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability, which stems from improper handling ...

Vanna 安全漏洞

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained security vulnerabilities. These vulnerabilities were caused by overly lax cross-domain policies implemented in the FastAPI/Flask Server component, which could lead to remote attacks...

PT-2026-29682

Name of the Vulnerable Software and Affected Versions AlejandroArciniegas mcp-data-vis affected versions not specified Description A SQL injection issue exists in the Request function within the src/servers/database/server.js file of the MCP Handler component. This manipulation can be initiated...

PT-2026-29954

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...

MB Connect Line mbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports functions such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability, which stems from improper handling...

CVE-2026-5206

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Paymentid/Amount/customerid/paymenttype/customername leads to sql injection. Remote exploitation...

CVE-2026-21630

Joomla! Core SQL injection vulnerability identified in the com_content articles webservice endpoint affecting Joomla! CMS versions 4.0.0–5.4.3 and 6.0.0–6.0.3. The connected document specifies the vulnerability type and affected versions; no exploitation status or remediation details are provided...

BIT-GRAFANA-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

EUVD-2025-209149

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

PT-2026-29412

Name of the Vulnerable Software and Affected Versions IBM Storage Protect Server and IBM Storage Protect Plus Server versions 8.2.0 Description IBM Storage Protect Server and IBM Storage Protect Plus Server are susceptible to SQL injection. A remote attacker could submit crafted SQL statements,...

PandasAI 安全漏洞

PandasAI is an open-source Python library developed by PandasAI. It integrates artificial intelligence functions into pandas. Version 3.0.0 of PandasAI contains a security vulnerability, which stems from an SQL injection vulnerability in the pandasai.agent.base.executesqlquery component...

PT-2026-29566

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base. execute sql query component...

Payload SQL注入漏洞

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.79.1 contain an SQL injection vulnerability. This vulnerability arises from improper validation of certain request inputs, which may allow SQL queries to execute...

CVE-2026-30273

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

CVE-2026-5206

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Paymentid/Amount/customerid/paymenttype/customername leads to sql injection. Remote exploitation...

CVE-2026-34220

CVE-2026-34220 affects mikro-orm (TypeScript ORM for Node.js). A SQL injection vulnerability exists in versions prior to 6.6.10 and 7.0.6, triggered when specially crafted objects are interpreted as raw SQL query fragments during ORM write APIs (e.g., wrap(entity).assign(userInput) followed by em...

CVE-2026-34214

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...

EUVD-2026-17399

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...