CVE-2026-7708 Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

websec-sql-injection

WebSec SQL Injection Учебный backend-проект по безопасности в...

CVE-2026-7698

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

CVE-2026-7698 Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

CVE-2026-7697

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

Synctecxhub_SQL_Scanner

No d...

CVE-2026-7694

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

CVE-2026-7695

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform v1.3.0 contains a SQL injection in /SubstationWEBV2/main/elecMaxMinAvgValue triggered by manipulating the fCircuitids argument. The issue is network-accessible, remotely initiable, and has publicly disclosed exploit d...

CVE-2026-7694

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

CVE-2026-7694 Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System elecMaxMinAvgValue sql injection

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

OESA-2026-2159 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

CVE-2026-7688

Dolibarr ERP CRM (up to 23.0.2) contains a SQL injection in Shipments API Endpoint, via _checkValForAPI in htdocs/expedition/class/expedition.class.php. The vulnerability allows remote access with high attack complexity and LOW impact on confidentiality/integrity/availability; exploit maturity is...

EUVD-2026-26826

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

offensive-Sqli

No d...

CVE-2026-7672

The CVE-2026-7672 vulnerability affects youlaitech youlai-boot (up to version 2.21.1) in the Users Endpoint, specifically the getUserList function in src/main/java/com/youlai/boot/system/controller/UserController.java. The issue arises from manipulation of the argument order, enabling SQL injecti...

AMTT Hotel Broadband Operation System 注入漏洞

AMTT Hotel Broadband Operation System is a hotel broadband operation system developed by AMTT Corporation. Version 1.0 of the AMTT Hotel Broadband Operation System contains a injection vulnerability. This vulnerability arises from the operation of unknown functions on parameters ID in the file...

PT-2026-36700

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand submit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVE-2026-7670 Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

l4ki-TooL

TCP Port Scanner A simple Python tool that scans TCP ports on...

CVE-2026-7632

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...