Exploit for Deserialization of Untrusted Data in Presstigers Simple_Job_Board

CVE-2024-1813 - Simple Job Board ≤ 2.11.0 WordPress - Unauth...

CVE-2019-25728 Care2x 2.7 Hospital Information System SQL Injection via ck_config

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ckconfig cookie parameter. Attackers can inject malicious SQL through the ckconfig cookie in multiple endpoints including login.php, indexframe.php...

Mailcow < 2026-03b - Href Link Injection

mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...

QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

CVE-2026-9757

The GEO my WP WordPress plugin (prepare(). This enables unauthenticated attackers to append additional SQL to existing queries to extract data. Exploitation requires a public page hosting the Posts Locator shortcode ([gmw form="results" form_id=N]) and at least one published post with an associat...

PT-2026-45119

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

PT-2026-45111

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

EUVD-2018-21917

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

PT-2026-44867

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to...

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103712)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103712 advisory. - This injection vulnerability allows an unauthenticated attacker to modify the actions taken by a system call which has no impact to...

CVE-2026-40848

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40849

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the useralarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40842

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40837

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40835

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40847

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the systemtag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40847

CVE-2026-40847 is described as an unauthenticated SQL Injection in the system_tag view allowing an attacker with low privileges (remote) to cause total confidentiality loss. The provided sources (NVD/CIRCL/CVELIST) repeat the same description and provide CVSS metrics: CVSS v3.1 base score 6.5 (ME...

CVE-2026-40847 Authenticated SQLi in system_tag view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the systemtag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32146

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the systemtag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40845 Authenticated SQLi in devices_configuration view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...