740 matches found
CVE-2026-8635
Security bulletin confirms CVE-2026-8635 affects Langflow OSS versions 1.0.0–1.10.0 where an authenticated user can exploit the Python Interpreter component to execute arbitrary code, bypass controls, and escalate to superuser by manipulating the database, potentially compromising the Langflow se...
CVE-2026-8635 Arbitrary Code Execution in Python Interpreter Component
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
mooSocial Store Plugin SQL注入漏洞
mooSocial Store Plugin is a social e-commerce extension plugin from mooSocial. A SQL injection vulnerability exists in mooSocial Store Plugin version 2.6, which stems from a blind SQL injection via the product parameter in the URL rewriting feature, which could lead to database query manipulation...
CVE-2018-25346
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...
Astra Linux – Vulnerability in Rails
There is a potential escalation to an RCE vulnerability when using YAML serialized columns in Active Record versions 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1. This could allow an attacker, who can manipulate data in the database through methods like SQL injection, to escalate the attack to an RCE...
PT-2026-41556
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...
CVE-2026-7489
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-41029
SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...
CVE-2025-41029 SQL injection in Zeon Academy Pro by Zeon Global Tech
SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...
CVE-2019-25688
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menulev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menulev1 parameter to extract sensitive...
SQL Injection
baserCMS is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the blog post functionality, where malicious SQL may be executed in blog posts and attackers can inject crafted SQL statements to manipulate the database...
CVE-2026-34747
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patche...
EUVD-2025-208935
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...
CVE-2025-41007
SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint...
EUVD-2019-19806
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
EUVD-2019-19805
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...
EUVD-2019-19802
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...
CVE-2019-25537
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...
CVE-2019-25521
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...