EUVD-2026-25417

Codechecker has an authentication bypass for certain API calls...

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

UBUNTU-CVE-2026-25588

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13) +35 more potentially affected by CVE-2026-6907 via django (>=6.0.0 <=6.0.4)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.2.0b1 and more Source cves: CVE-2026-6907 Source advisory: OSV:PYSEC-2026-55...

WordPress WeePie Cookie Allow plugin <= 3.4.11 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Ren Voza in WordPress Plugin WeePie Cookie Allow versions = 3.4.11...

CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2023-60568

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 suffers information-disclosure: unauthenticated attackers can download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories via configuration files and logs to construct direct download URLs. No remediati...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

WordPress ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 4.0.60 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Yuvraj Tomar in WordPress Plugin ARMember versions = 4.0.60...

EUVD-2026-27240

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-40797

WordPress WebinarIgnition plugin (vulnerable: up to 4.08.253) by Saleswonder LLC contains an SQL Injection flaw described as an improper neutralization of SQL commands, allowing Blind SQL Injection. The issue affects WebinarIgnition versions from n/a through 4.08.253. CVSS 3.1 base score 9.3 (CRI...

EUVD-2026-27219

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

EUVD-2026-27175

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

SQL Injection

org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...

CVE-2026-7822

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2026-7822 itsourcecode Courier Management System print_pdets.php sql injection

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...