CVE-2026-7744

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

Exploit for CVE-2026-6379

CVE-2026-6379 — WP Photo Album Plus :8080/?pageid=" --mode pr...

CVE-2026-7741 CodeAstro Online Classroom studentlogin sql injection

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...

EUVD-2026-26881

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

VulnCheck KEV: CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'aysquestions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

PT-2026-36790

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained SQL injection vulnerabilities. These vulnerabilities stemmed from the use of row:search and row:get operations in the SeaTable node, where user-controlled inp...

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from unknown functions in the file/OnlineClassroom/studentlogin that manipulate the parameter sid, allowing...

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contain SQL injection vulnerabilities. These vulnerabilities stem from the use of the Limit field in the select operation of the Oracle Database node, where...

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contain SQL injection vulnerabilities. These vulnerabilities arise from the direct interpolation of user-controlled table names, column names, and update keys into the...

Nginx UI 代码注入漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a code injection vulnerability. This vulnerability stemmed from the backup restoration endpoint POST /api/restore, which operates without authentication within the first 10 minutes after the process...

PT-2026-36787

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

PT-2026-36785

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...

VulnCheck KEV: CVE-2025-5339

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsaproid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/facultydetails that allows for SQL injection when the...

PT-2026-37102

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Broken TLS validation logic in the OVN database connection logic allows connections to an attacker's OVN database. The OVN client implementations disable standard Go TLS server verification and use a...

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from unknown functions in the file/OnlineClassroom/addnewstudent that manipulate the parameter fname, allowi...

OpenC3 COSMOS SQL注入漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. In versions 6.7.0 to 7.0.0-rc3 of OpenC3 COSMOS, there was a SQL injection vulnerability. This vulnerability stemmed from the tsdblookup function in the Time-Series Database component, which directly accepted user input without prop...

ALSA-2026:13537 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...