CVE-2026-6490 QueryMine sms GET Request Parameter deletecourse.php sql injection

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated...

PT-2026-21226

Name of the Vulnerable Software and Affected Versions Applay - Shortcodes versions through 3.7 Description A flaw exists in the Applay - Shortcodes application that allows for object injection due to deserialization of untrusted data. This issue impacts the application's functionality related to...

CVE-2025-31007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS.This issue affects Billplz Addon for Contact Form 7: from n/a through = 1.2.0...

CVE-2024-31212

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in indexchartdata action, which receive...

CVE-2025-32787

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in DeleteIPv6DefaultRouterInRA called by StorePacket. Before dereferencing, DeleteIPv6DefaultRouterInRA does not account for ParsePacket returning NULL,...

CVE-2025-32787

CVE-2025-32787 affects SoftEtherVPN, specifically versions 5.02.5184–5.02.5187. The vulnerability is a NULL dereference in the function DeleteIPv6DefaultRouterInRA, which is called by StorePacket. The underlying cause is that DeleteIPv6DefaultRouterInRA does not handle NULL results from ParsePack...