CVE-2026-38528

CVE-2026-38528 affects Krayin CRM v2.2.x and is a SQL injection vulnerability exploitable via the rotten_lead parameter in /Lead/LeadDataGrid.php. The NVD/NVD-derived metrics show CVSS 3.1 base score 7.1 (High), with Network attack vector, Low attack complexity, Privileges Required: Low, User Int...

CVE-2026-37591

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/viewdetails.php...

PT-2026-32970

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

CVE-2026-37597

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/attendancelist.php...

SourceCodester Online Employees Work From Home Attendance System 安全漏洞

SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

SAP HANA Cockpit和SAP HANA Database Explorer 安全漏洞

SAP HANA Cockpit and SAP HANA Database Explorer are both products of the German company SAP. SAP HANA Cockpit is a database monitoring and management console platform. SAP HANA Database Explorer is a database querying and development management tool. Both SAP HANA Cockpit and SAP HANA Database...

PT-2026-32682

CVE-2026-38528 Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten lead parameter at /Lead/LeadDataGrid.php. https://t.co/u0tPkhpW1p...

WordPress plugin JetEngine SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-37594

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewemployee.php...

EUVD-2026-22041

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

SQL Injection

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to SQL Injection via the hasVariant or hasProduct properties, which bypass input sanitization in subqueries. An attacker can extract arbitrary database contents, including sensitive security keys, by...

CVE-2026-35597

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

EUVD-2026-22008

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/managecurriculum.php...

EUVD-2026-21998

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

EUVD-2026-22006

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projectsperdepartment.php...

EUVD-2026-22002

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/viewroom.php...

CVE-2026-6191

A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed an...

CVE-2026-6191

The CVE-2026-6191 entry concerns itsourcecode Construction Management System 1.0. A vulnerability exists in an unknown function of /equipments.php where manipulating the Name argument can trigger SQL injection. The issue is exploitable remotely, and the exploit has been publicly disclosed. Accord...

CVE-2026-34186

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...