SUSE CVE-2026-40243

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

CVE-2026-8128 SourceCodester SUP Online Shopping viewmsg.php sql injection

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-8128

SourceCodester SUP Online Shopping 1.0 is affected by a SQL injection in an unknown function of /admin/viewmsg.php triggered by manipulating the msgid parameter. This vulnerability can be exploited remotely and the exploit has been published. The CVE entries (CVE-2026-8128) indicate a mix of CVSS...

CVE-2026-8126

SourceCodester Comment System 1.0 is affected by a SQL injection in post_comment.php caused by improper handling of the Name parameter. Remote exploitation is possible, and a public exploit has been published. The CVSS data indicate high impact on confidentiality, integrity, and availability (vec...

GHSA-MMPC-XJXR-5HF8 OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

PT-2026-38683

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

WordPress plugin OttoKit: All-in-One Automation Platform SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an overflow in the processing of long HMAC keys in the crypto CAAM driver, and an issue where the kmemd...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a vulnerability due to improper handling of parameters in the file admin/replymsg.php, which may lead to SQL injection attacks...

NornicDB 安全漏洞

NornicDB is a fusion database developed by TJ Sweet, which supports graph, vector, and historical data queries. Versions of NornicDB prior to 1.0.42-hotfix contained security vulnerabilities. These vulnerabilities stemmed from the Bolt listener always binding to wildcard addresses, ignoring user...

PT-2026-39315

Name of the Vulnerable Software and Affected Versions WP Photo Album Plus versions prior to 9.1.11.001 Description The plugin fails to properly sanitize and escape a parameter before its use in a SQL query. This allows unauthenticated users to execute SQL injection attacks, which involve insertin...

PT-2026-39271

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks...

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a SQL injection vulnerability, which arises from the parameter manipulation in the file wishlist.php, potentially leading to remote attack...

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

PT-2026-38656

Name of the Vulnerable Software and Affected Versions zyx0814 FilePress versions prior to 2.2.1 Description An issue exists in the Shares Filelist API within the file 'dzz/shares/admin.php'. Manipulation of the argument order allows a remote attacker to perform SQL injection, which is a technique...

PT-2026-38668

Name of the Vulnerable Software and Affected Versions Prison Management System Using PHP version 1.0 Description An issue exists on the Admin login page where the username parameter is susceptible to SQL injection, a technique that allows an attacker to interfere with the queries that an...