Frappe SQL注入漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.84.0 and 14.99.0 contain SQL injection vulnerabilities. These vulnerabilities stem from improper handling of certain endpoints...

WordPress plugin Ally – Web Accessibility & Usability SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-70024

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14...

Koha 安全漏洞

Koha is a library automation management system developed by the Koha organization. There is a security vulnerability in Koha, which stems from improper validation of the displayby parameter in the /cgi-bin/koha/suggestion/suggestion.pl endpoint. This vulnerability could allow users with low...

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. Versions of Parse Server prior to 9.6.0-alpha.5 and 8.6.31 have a SQL injection vulnerability. This vulnerability stems from the improper handling of subkey name...

PT-2026-24827

CVE-2025-70024 An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. https://t.co/Am32DAzE8m...

WeGIA SQL注入漏洞

WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.6 contained an SQL injection vulnerability. This vulnerability stemmed from the id Produto parameter in the html/matPat/restaurarProduto.php file being directly concatenated into the SQ...

PT-2026-24595

🚨 CVE-2024-14025 An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the...

CVE-2026-30951

CVE-2026-30951 affects Sequelize (Node.js ORM). Prior to version 6.37.8, JSON/JSONB where-clause processing can interpolate an unescaped cast type via _traverseJSON(), inserting CAST(... AS ) with attacker-controlled JSON keys, enabling arbitrary SQL and data exfiltration from any table. The vuln...

CVE-2026-29172

Craft Commerce (Craft CMS) is affected by a SQL Injection in the purchasables table sorting. Prior to versions 4.10.2 and 5.5.3, the sort parameter is split by | and the first part (column name) is used directly as an array key in orderBy() without whitelist validation, allowing an authenticated ...

EUVD-2026-10492

SQL Injection CWE-89 in the system configuration module in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux allows remote attackers to execute arbitrary SQL commands and potentially achieve remote code execution via specially crafted SQL requests...

EUVD-2026-10685

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

EUVD-2026-10686

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

EUVD-2026-10455

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

SQL Injection

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to SQL Injection in the processing of the sort0direction and sort0sortField parameters within the inventory levels table data endpoint. An attacker can execute arbitrary SQL commands by supplying craft...

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVE-2025-49784

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...

CVE-2026-26115

CVE-2026-26115: Microsoft SQL Server Elevation of Privilege due to improper validation of input. Affects Microsoft SQL Server; vulnerability is exploitable over a network by an authorized attacker with LOW privileges; CVSS v3.1 base score 8.8 (High). Connected sources also reference related bugs ...

SQL Server Elevation of Privilege Vulnerability

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network...

KB5077468 - Description of the security update for SQL Server 2025 GDR: March 10, 2026

KB5077468 - Description of the security update for SQL Server 2025 GDR: March 10, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Improvements and fixes included in this update How to obtain and install the update More information File...