CVE-2026-40822

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40838

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40824 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

CVE-2026-27179 MajorDoMo Unauthenticated SQL Injection in Commands Module

MajorDoMo aka Major Domestic Module contains an unauthenticated SQL injection vulnerability in the commands module. The commandssearch.inc.php file directly interpolates the $GET'parent' parameter into multiple SQL queries without sanitization or parameterized queries. The commands module is...

WordPress Community Events plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions = 1.5.1...

CVE-2025-12197 The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...

CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...

CVE-2024-12612 School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

PT-2023-31294 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTime parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are sen...

PT-2023-30225 · Unknown · Online Matrimonial Project

Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the pass parameter in the register function of the functions.php file is vulnerable. Recommendations: For Onli...

PT-2023-29354 · Unknown · Online Bus Booking System

Name of the Vulnerable Software and Affected Versions: Online Bus Booking System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the user query parameter of the "bus info.php" resource does not validate the characters received and...

CVE-2022-2177

Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2...