CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

CVE-2026-4935 SureTriggers < 1.1.23 – Unauthenticated SQLi

The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

CVE-2026-8131

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2026-42208

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

EUVD-2026-28503

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

CVE-2026-42208

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

CVE-2026-42208

LiteLLM proxy (AI Gateway) versions 1.81.16–1.83.6 suffer a SQL injection in the proxy API key verification path where the caller-supplied key is interpolated into a SQL query during error handling. An unauthenticated attacker can send a crafted Authorization header to LLM routes (e.g., POST /cha...

CVE-2026-8133

CVE-2026-8133 affects zyx0814 FilePress up to version 2.2.0, specifically the Shares Filelist API concerning dzz/shares/admin.php. The vulnerability arises from incorrect handling of argument order, enabling SQL injection. It is exploitable remotely, with exploitation details publicly disclosed. ...

CVE-2026-8128

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-8131

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2026-8130

CVE-2026-8130 affects SourceCodester SUP Online Shopping 1.0. The vulnerability exists in an unknown function within /admin/message.php where manipulating the seenid parameter enables SQL injection. The issue appears exploitable remotely and public exploit code is available. The provided sources ...

CVE-2026-8129 SourceCodester SUP Online Shopping wishlist.php sql injection

A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...

SUSE CVE-2026-40243

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

CVE-2026-8128 SourceCodester SUP Online Shopping viewmsg.php sql injection

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-8128

SourceCodester SUP Online Shopping 1.0 is affected by a SQL injection in an unknown function of /admin/viewmsg.php triggered by manipulating the msgid parameter. This vulnerability can be exploited remotely and the exploit has been published. The CVE entries (CVE-2026-8128) indicate a mix of CVSS...

CVE-2026-8126

SourceCodester Comment System 1.0 is affected by a SQL injection in post_comment.php caused by improper handling of the Name parameter. Remote exploitation is possible, and a public exploit has been published. The CVSS data indicate high impact on confidentiality, integrity, and availability (vec...

GHSA-MMPC-XJXR-5HF8 OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a vulnerability due to improper handling of parameters in the file admin/replymsg.php, which may lead to SQL injection attacks...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...

PT-2026-38683

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...