CVE-2026-40826 Authenticated SQLi in dsgvo_contracts view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvocontracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40825

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

CVE-2026-40822

The connected records confirm CVE-2026-40822 describes an unauthenticated SQL Injection in the DevSerialReset function, caused by improper neutralization of special elements in a SQL SELECT command. This allows a high-privilege, remote attacker to access data and leads to total confidentiality lo...

Exploit for CVE-2026-6433

CVE-2026-6433 — Proof of Concept FlipperCode — Custom CSS,...

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

CVE-2026-42031

CVE-2026-42031 : CKAN (data management system) contains an unauthenticated SQL injection in the DataStore API endpoint datastore_search_sql. The flaw allows an attacker to inject SQL to access private resources and PostgreSQL system information. Affected CKAN versions: prior to 2.10.10 and prior ...

WordPress AIWU plugin <= 1.4.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions = 1.4.21...

WordPress SureTriggers plugin < 1.1.23 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by mcdruid in WordPress Plugin OttoKit versions 1.1.23...

CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

CVE-2026-4304

The CVE-2026-4304 entry concerns the WeePie Cookie Allow plugin for WordPress. Affected component: the plugin, throughout all versions up to and including 3.4.11. Root cause: insufficient escaping of the user-supplied consent parameter and lack of proper preparation in the SQL query, enabling SQL...

CVE-2026-3456 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

CVE

Vulnerability Report: Unauthenticated SQL Injection in Hospita...

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability

Unauthenticated SQL Injection via 'options' Parameter Keys in productdata vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

AVideo Unauthenticated SQL Injection Credential Dump

AVideo use auxiliary/gather/avideocatnamesqli msf auxiliaryavideocatnamesqli show actions ...actions... msf auxiliaryavideocatnamesqli set ACTION msf auxiliaryavideocatnamesqli show options ...show and set options... msf auxiliaryavideocatnamesqli run This module requires Metasploit:...

CVE-2026-33615

The CVE-2026-33615 entry concerns MB connect line mbCONNECT24 with an unauthenticated SQL injection in the setinfo endpoint. The issue arises from improper neutralization in a SQL UPDATE command, enabling an attacker with network access (no auth, no user interaction) to compromise integrity and a...

CVE-2026-33614 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2019-25643

CVE-2019-25643 is a Linux kernel issue involving improper input validation in ppp_cp_parse_cr that could lead to memory corruption and read overflow. SUSE advisories SUSE-SU-2020:2904/2905/2906 (and related OSV entries) indicate this CVE was addressed by kernel updates for SUSE SLES 12 SP5 and SL...

WordPress Quentn WP plugin <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability

Unauthenticated SQL Injection via 'qntnwpaccess' Cookie vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Quentn WP versions = 1.2.12...

CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)

WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but...

CVE-2026-33352

WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but...