CVE-2026-4079

The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality...

CVE-2026-5719

The CVE-2026-5719 entry concerns itsourcecode Construction Management System 1.0. The vulnerability is in the file /borrowedtool.php, where manipulation of an argument can lead to SQL injection. The issue is exploitable remotely, and the exploit has been published. The available sources provide t...

GHSA-WH4C-J3R5-MJHP vulnerabilities

Vulnerabilities for packages: sqlpad, arangodb, saf...

PT-2026-30949

ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...

PT-2026-30964

ChurchCRM is an open-source church management system. Prior to 7.1.0, The application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the Name and Description parameters by the /PropertyTypeEditor.php endpoint, which could lead to SQL...

PT-2026-30958

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

Windmill SQL注入漏洞

Windmill is a low-code development platform open-source by Windmill Labs, Inc. Versions of Windmill from 1.276.0 to 1.603.2 have a SQL injection vulnerability. This vulnerability stems from the owner parameter in the folder ownership management function, which allows for SQL injection attacks. It...

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the ENtyid parameter in the EditEventTypes.php file not being cleaned properly, which could lead to SQL injection attacks...

PT-2026-30943

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in ChurchCRM's SettingsIndividual.php where user-controlled array keys from the type POST parameter are used directly in SQL queries without sanitization. This allows any authenticated user ...

Time-Domain Voice Identity Morphing (TD-VIM): A Signal-Level Approach to Morphing Attacks on Speaker Verification Systems

In biometric systems, it is a common practice to associate each sample or template with a specific individual. Nevertheless, recent studies have demonstrated the feasibility of generating "morphed" biometric samples capable of matching multiple identities. These morph attacks have been recognized...

drizzle-orm SQL注入漏洞

Drizzle-ORM is a lightweight, multi-database-supported TypeScript ORM project developed by the Drizzle Team. Versions of drizzle-orm prior to 0.45.2 and 1.0.0-beta.20 contain a SQL injection vulnerability. This vulnerability arises from the improper escaping of SQL identifiers in the escapeName...

PT-2026-30953

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

PT-2026-30803

Name of the Vulnerable Software and Affected Versions Erlang/OTP versions 17.0 through 28.4.2, 27.3.4.10 and 26.2.5.19 Description A predictable number generation issue in the Erlang/OTP kernel's inet res and inet db modules allows for DNS cache poisoning. The built-in DNS resolver uses a...

PT-2026-30954

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the role Manage Groups & Roles ManageGroups and Edit Records isEditRecordsEnabled can inject arbitrary SQL...

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

CVE-2024-36058

CVE-2024-36058 (Koha) is a time-based SQL injection affecting the Send Basket feature. Vulnerable in Koha Library before 23.05.10, the issue stems from unsanitized POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, enabling a library user to read arbitrary data from the database. Multip...

ChurchCRM 代码注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a code injection vulnerability. This vulnerability stemmed from the $dbPassword variable not being cleaned during the installation process, which could lead to remote code execution and...

PT-2026-30801

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...