PT-2026-32163

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to category.php with malicious cat id values to extract sensitive database information...

PT-2026-32171

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

MyT SQL注入漏洞

MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Chargegrouptotal parameter in the /charge/admin endpoint, which may lead to SQL injection...

Adianti Framework SQL注入漏洞

Adianti Framework is a framework developed by Adianti for developing PHP applications. Versions 5.5.0 and 5.6.0 of Adianti Framework have SQL injection vulnerabilities. These vulnerabilities stem from insufficient input validation for the name field in the SystemProfileForm, which may lead to SQL...

CF Image Hosting Script 安全漏洞

CF Image Hosting Script is a lightweight image hosting script developed by David Tavarez. Version 1.6.5 of the CF Image Hosting Script contains a security vulnerability. This vulnerability stems from improper access control, which may lead to unauthorized database leaks and file deletion...

Dolibarr ERP CRM SQL注入漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 8.0.4 of Dolibarr ERP CRM contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the rowid parameter in the admin dict.php file, which may lead...

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerabili...

GHSA-92MM-2PJQ-R785 vulnerabilities

Vulnerabilities for packages: kots, opentofu, trivy-fips, chainctl-fips, zarf, kubescape, zot, terragrunt, wolfictl, cloudbeat, conftest, packer-fips, trivy-operator-fips, k9s, snyk-cli, trivy, opentofu-fips, trivy-operator, zarf-fips, terragrunt-fips, task-fips, grype-db,...

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2026-5207

The CVE-2026-5207 entry concerns the LifterLMS WordPress plugin (versions up to 9.2.1). It describes an SQL Injection via the ‘order’ parameter due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated access at Instructor level (with edit_post capabi...

PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries

Summary The tableprefix configuration value is directly used to construct SQL table identifiers without validation. If an attacker controls this value, they can manipulate SQL query structure, leading to unauthorized data access e.g., reading internal SQLite tables such as sqlitemaster and...

SQL Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

SQL Injection

Overview @saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted inpu...

GHSA-59XV-588H-2VMM @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

CVE-2026-35596

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, description...

CVE-2026-35599

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...

CVE-2026-35597

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...

CVE-2026-35597 Vikunja Affected by TOTP Brute-Force Due to Non-Functional Account Lockout

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...

CVE-2026-35597

Vikunja prior to 2.3.0 is vulnerable to TOTP brute-forcing because the login failure path writes the account lock status (StatusAccountLocked) on the same DB session that is rolled back after a failed TOTP check. The in-memory counter in HandleFailedTOTPAuth tracks failures, and once it reaches 1...

CVE-2026-35597 Vikunja Affected by TOTP Brute-Force Due to Non-Functional Account Lockout

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...