
10 matches found

ATTACKERKB
added 2026/04/24 8:52 p.m., 3 views

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

CVSS 9.9, AI score 5.9, EPSS 0.00037
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/23 2:1 p.m., 2 views

CVE-2026-33478 AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection

WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without...

CVSS 10, AI score 6.4, EPSS 0.07135
Exploits: 1, References: 4

CVE
added 2026/02/24 2:50 a.m., 9 views

CVE-2026-27461

Summary: Pimcore pre-12.3.3 exposes a SQL-like injection in the dependency listing filter. In versions up to 11.5.14.1 and 12.3.2, the filter query parameter is JSON-decoded and the value is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Impact: With adm...

CVSS 6.9, AI score 5.4, EPSS 0.00013
Exploits: 1, References: 4, Affected Software: 1

RedhatCVE
added 2026/02/20 1:22 a.m., 0 views

CVE-2026-27179

MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commandssearch.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitization or parameterized queries. The commands module is...

CVSS 9.8, AI score 6.1, EPSS 0.00045
Exploits: 2, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-18617

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00306
Exploits: 3, References: 4

Cvelist
added 2025/10/02 12:0 a.m., 6 views

CVE-2025-56162

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modify database data, including dumping admin password...

EPSS 0.00169
Exploits: 1, References: 2

OSV
added 2020/10/06 1:15 p.m., 1 view

CVE-2020-25987

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 2

NVD
added 2020/10/06 1:15 p.m., 7 views

CVE-2020-25987

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash...

CVSS 7.5, EPSS 0.00306
Exploits: 3, References: 2

Exploit DB
added 2014/01/23 12:0 a.m., 23 views

godontologico 5 - SQL Injection

Exploit: 0day godontologico v5 - SQL Inject + Author: vinicius777 + Contact: vinicius777 AT gmail - @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/godontologico/ + Google D0rks: "Smile Odonto - Enhancing your smile - www.smileodonto.com.br" + Google D0rks: "Smile Odonto ® -...

AI score 7.4
Exploits: 0

0day.today
added 2012/12/17 12:0 a.m., 370 views

DataLife Engine DLE Forum plugin 2.x SQL Injection Exploit (0day)

DLE Forum is the most popular plugin for DataLife Engine CMS that is widely used by warez sites. Exploit is using blind sql injection and discovers all the admin hashes. Dork has more than 1 million google results. totally 0day. This is private exploit. You can buy it at https://0day.today...

AI score 7.4
Exploits: 0