61 matches found
EUVD-2026-39699
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions...
CVE-2026-56036
The CVE-2026-56036 entry describes an unauthenticated SQL injection affecting the WordPress plugin 결제 심플페이 (SimplePay) for versions <= 5.5.6. CVSSv3.1: 9.3 (CRITICAL), vectors: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. Impact is confidentiality high; integrity none; availability low. Affected softw...
EUVD-2026-37872
claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...
EUVD-2026-37621
Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...
CVE-2026-22340
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
EUVD-2026-36944
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
EUVD-2026-36951
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39441
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
PT-2026-49384
Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...
ProjeQtor 12.4.3 SQL Injection
This Metasploit auxiliary module targets an unauthenticated SQL injection vulnerability in ProjeQtor login functionality and is structured as a scanner-style module with multiple operational modes. Version 12.4.3 is affected...
CVE-2026-40828
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
CVE-2026-40846
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40843
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40846 Authenticated SQLi in system view
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40845 Authenticated SQLi in devices_configuration view
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40829
CVE-2026-40829 describes an unauthenticated SQL Injection in the view.html.php UpdateParam function, exploitable by a high-privilege remote attacker. It can read the entire database and alter values in a non-critical table, leading to total confidentiality loss and some integrity loss. The connec...
CVE-2026-40818 Unauthenticated SQLi in _mb24confi_getDevice function
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
WordPress Custom CSS JS PHP plugin <= 2.0.7 - Unauthenticated SQL Injection to RCE vulnerability
Unauthenticated SQL Injection to RCE vulnerability discovered by John Umoru in WordPress Plugin Custom css-js-php versions <= 2.0.7...
PT-2026-39315
Name of the Vulnerable Software and Affected Versions: WP Photo Album Plus versions prior to 9.1.11.001. Description: The plugin fails to properly sanitize and escape a parameter before its use in a SQL query. This allows unauthenticated users to execute SQL injection attacks, which involve insertin...