CVE-2026-7632

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2026-7632

The CVE-2026-7632 entry describes a SQL injection in code-projects Online Hospital Management System 1.0, specifically in /viewappointment.php through the delid parameter. The underlying cause is input manipulation that facilitates injection, with remote exploitation possible. Public exploitation...

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVE-2026-4061 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

CVE-2026-4060 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

CVE-2026-7489

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2026-7489 Sunnet｜CTMS - SQL Injection

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7489 Sunnet｜CTMS - SQL Injection

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7649

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

CVE-2026-7649 ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied paramete...

[SECURITY] Fedora 44 Update: GitPython-3.1.49-1.fc44

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

mcp-exploitdb-query

mcp-exploitdb-query MCP server to query ExploitDB. This serv...

Code-Projects Online Hospital Management System 注入漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the/vi...

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Jinher OA 注入漏洞

Jinher OA is a collaborative management software developed by Jinher Corporation in China. Version 1.0 of Jinher OA contains a SQL injection vulnerability. This vulnerability stems from the operation of an unknown function on the parameter DeptIDList within the file...

CVE-2026-7592 itsourcecode Courier Management System edit_staff.php sql injection

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7592 itsourcecode Courier Management System edit_staff.php sql injection

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7592

The CVE-2026-7592 entry concerns itsourcecode Courier Management System 1.0. The issue affects the file /edit_staff.php, where manipulating the ID parameter can lead to a SQL injection. The vulnerability is described as exploitable remotely with a public exploit available and a PROOF-OF-CONCEPT e...

CVE-2026-7592

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...