CVE-2026-39596 WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

EUVD-2026-34063

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/adminclassnovo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack ca...

CVE-2026-40837 Authenticated SQLi in getProjectScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-9355 SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

CVE-2026-36922

Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/viewcategory.php...

PT-2026-32642

CVE-2026-37602 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage user.php. https://t.co/KXDGr8fSPw...

EUVD-2026-22006

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projectsperdepartment.php...

Adianti Framework SQL注入漏洞

Adianti Framework is a framework developed by Adianti for developing PHP applications. Versions 5.5.0 and 5.6.0 of Adianti Framework have SQL injection vulnerabilities. These vulnerabilities stem from insufficient input validation for the name field in the SystemProfileForm, which may lead to SQL...

Code-Projects Simple IT Discussion Forum SQL注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability stems from operations on the parameter userid in the /crud.php file, which may le...

Code-Projects Online Food Ordering System SQL注入漏洞

The Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the 'del' parameter in t...

EUVD-2026-14475

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

PT-2026-27041

Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A SQL injection issue exists in SourceCodester Sales and Inventory System version 1.0. The issue is located in the HTTP GET Request Handler component, specifically within the...

PT-2026-27065

A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploi...

PT-2026-26558

Name of the Vulnerable Software and Affected Versions ERP versions prior to 16.8.0 ERP versions prior to 15.100.0 Description The software contains a flaw due to insufficient parameter validation, leading to time-based and boolean-based blind SQL injection in certain endpoints. This allows...

PT-2026-25797

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom dates parameter. By chaining this with a predictable legacy password reset mechanism, an...

CVE-2026-27373

CVE-2026-27373 : WordPress Tablesome plugin (Tablesome) &lt;= 1.2.3 has an SQL Injection vulnerability due to improper neutralization of special elements, enabling Blind SQL Injection. Affected product/version: Tablesome specified as &lt;= 1.2.3; root cause: improper sanitization of SQL queries; ...

PT-2026-22585

Name of the Vulnerable Software and Affected Versions Simple Student Alumni System version 1.0 Description The Simple Student Alumni System is susceptible to SQL Injection. This issue affects the /TracerStudy/recordteacher view.php script when handling the teacherID parameter. Exploitation may...

CVE-2026-21410

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution...

CVE-2026-2663 Alixhan xh-admin-backend Database Query query sql injection

A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...

WordPress Post SMTP plugin < 2.8.7 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by Alex Sanford in WordPress Plugin Post SMTP versions 2.8.7...