CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

CVE-2026-42730

CVE-2026-42730 concerns the WordPress MasterStudy LMS plugin (versions

Zor-Seviye-xxe-Lab

AltaySec SOC Policy Manager — Zor Seviye Blind OOB XXE Lab...

EUVD-2026-29450

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

EUVD-2026-20137

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through = 2.4.7...

CVE-2026-32499 WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

CVE-2026-32368

The CVE covers a SQL Injection in the WordPress plugin “Geo to Lat” (delphiknight Geo to Lat geo-to-lat) up to version 1.0.19. The root cause is improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected versions are

EUVD-2026-9629

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection.This issue affects Tablesome: from n/a through = 1.2.3...

CVE-2025-69310 WordPress Woodly Core plugin <= 1.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection.This issue affects Woodly Core: from n/a through = 1.4...

CVE-2026-25378

CVE-2026-25378 affects the Nelio AB Testing WordPress plugin (

CVE-2026-25378 WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...

CVE-2025-59920 SQL injection in time@work from systems@work

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

CVE-2025-49050 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...

CVE-2021-47766 Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

EUVD-2025-203564

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

EUVD-2025-11314

Malicious code in bioql PyPI...

CVE-2025-58788

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Blind SQL Injection.This issue affects License Manager for WooCommerce: from n/a through = 3.0.12...

PT-2025-14429 · Unknown · Ai Auto Tool Content Writing Assistant

Name of the Vulnerable Software and Affected Versions: Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One versions n/a through 2.1.7 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQ...

Linksys E1500/E2500 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys E1500/E2500 Remote Command Execution', 'Description' = %q Some Linksys Routers are vulnerable to an authenticated OS command injection...

sql injection

Description multiple sql injections due to unsanitized concatenating strings into where clause Collaborator: @ub3rsick Proof of Concept - assets controller 1- to trigger the request for sqli: go to files - assets - select a folder - right click - download as zip 2- replay the request to...