15 matches found
CVE-2026-23723 WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...
EUVD-2024-15981
Malicious code in bioql PyPI...
EUVD-2022-51638
Malicious code in bioql PyPI...
CVE-2025-5783
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-3316
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/viewcategory.php. The manipulation of the argument id leads to sql injection. The attack...
CVE-2024-9041
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=updateaccount. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can...
CVE-2025-3804
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
PT-2023-9862 · Unknown · The Hackers Diet Plugin
Name of the Vulnerable Software and Affected Versions: The Hackers Diet Plugin versions up to 0.9.6b Description: A critical issue has been found in the processing of the file ajax blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection...
PT-2023-5891 · Sourcecodester · Sourcecodester Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A critical issue affects the processing of the file sell return.php, where the manipulation of the pid argument leads to SQL injection. This allows an attacker to execute...
PT-2023-24503 · Wavlink · Wavlink Wn579X3
Name of the Vulnerable Software and Affected Versions: Wavlink WN579X3 versions up to 20230615 Description: A critical issue has been discovered, affecting an unknown function of the /cgi-bin/adm.cgi file in the Ping Test component. The manipulation of the pingIp argument leads to injection. This...
CVE-2023-2594
A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2023-0531
A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/bookingreport.php. The manipulation of the argument todate leads to sql injection. It is possible to launch the attack remotely...
CVE-2022-4300 FastCMS Template edit injection
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and...
Drupal Core - Highly Critical - Injection - SA-CORE-2016-003
More info at https://www.drupal.org/SA-CORE-2016-003...