CVE-2026-7060

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

CVE-2026-7028 CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be...

CVE-2026-7028

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be...

Exploit for SQL Injection in Djangoproject Django

CVE-2026-1207: Django GIS RasterField SQL Injection Vulnerabil...

yu-picture 注入漏洞

Yu-Picture is an intelligent cloud image library platform developed by Liyupi’s individual developers, designed for team collaboration. Yu-Picture has a vulnerability related to injection attacks. This vulnerability stems from improper handling of the sortField parameter in the PageRequest functi...

CVE-2026-6982

CVE-2026-6982 affects star7th ShowDoc up to versions 2.10.10, 3.6.2 and 3.8.0. The vulnerability resides in an unknown functionality of file server/Application/Api/Controller/PageController.class.PHP within the API Page Sort Endpoint, where manipulating the pages argument can lead to SQL injectio...

PT-2026-35153

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

KLiK SocialMediaWebsite 注入漏洞

KLiK SocialMediaWebsite is a simple social media website developed by Muhammad Saad using PHP. Versions of KLiK SocialMediaWebsite 1.0.1 and earlier had a vulnerability related to injection attacks. This vulnerability stemmed from the cid parameter operations in the Private Message Handler...

ShowDoc 注入漏洞

ShowDoc is a tool developed by star7th, ideal for online document sharing among IT teams. Versions 2.10.10, 3.6.2, and 3.8.0 of ShowDoc contain injection vulnerabilities. These vulnerabilities stem from improper handling of parameters in the...

CLSA-2026-1777031791 openldap: Fix of 2 CVEs

CVE-2022-29155: fix a SQL injection vulnerability in the back-sql backend to slapd - CVE-2021-27212: fix denial of service daemon exit via a short timestamp if slapd is used...

CVE-2026-33078 Roxy-WI has SQL Injection in haproxy_section_save Endpoint via Unsanitized server_ip Parameter

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

EUVD-2026-25357

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

PT-2026-35085

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

CVE-2026-6887 BorG Technology Corporation｜Borg SPM 2007 - SQL Injection

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-6887 BorG Technology Corporation｜Borg SPM 2007 - SQL Injection

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-40529

CVE-2026-40529 involves a SQL injection in the CMS ALAYA provided by KANATA Limited. The vulnerability allows an attacker who has access to the administrative interface to obtain or alter information stored in the database. The connected sources (NVD/CVELIST) describe the affected product and the...

Security update for cacti, cacti-spine (critical)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2026:0148-1 Rating: critical References: 1231027 1231369 1231370 1231371 1231372 1236482 1236486 1236487 1236488 1236489 1236490 Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364...

WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by TruongLV1 From FPT Night Wolf in WordPress Plugin Feed KuantoKusta for WooCommerce – Free versions = 5.3...

EUVD-2026-24585

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

aEnrich a+HRD SQL注入漏洞

aEnrich a+HRD is a comprehensive human resource development solution provided by aEnrich Corporation. aEnrich a+HRD has a SQL injection vulnerability. This vulnerability stems from SQL injections, which may allow authenticated remote attackers to inject arbitrary SQL commands to read database...