EUVD-2018-21821

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

CVE-2026-7392 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function deletesupplier of the file /ajax.php?action=deletesupplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

CVE-2026-7392

CVE-2026-7392 involves a SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability affects the function delete_supplier in the file /ajax.php?action=delete_supplier, where manipulation of the argument ID can lead to a SQL injection. The issue can be exploited remo...

EUVD-2026-26217

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n/a through = 3.44.0...

CVE-2026-3325 SQL injection in MegaCMS by CRM Sistemas de Fidelización

SQL injection SQLi in MegaCMS v12.0.0, specifically in the “idterritorio” parameter of the “/webcomunications/cms/getprovincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “idterritorio” parameter, used...

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as...

EyouCMS 注入漏洞

EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.9 and earlier have a vulnerability related to injection attacks. This vulnerability arises from improper handling of the sortasc parameter in the GetSortData...

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter operations in the function saveSettings within the file...

PT-2026-36016

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description Remote SQL injection is possible via the manipulation of the pid argument in the '/admin/ajax.php?action=add to cart' endpoint. SQL injection is a type of flaw that allows an...

PT-2026-36903

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description A flaw in the Oracle Database node's select operation allows user-controlled input passed into the Limit field via expressions to be...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from improper...

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

UBUNTU-CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

Embedded Malicious Code

Overview @cap-js/db-service is a CDS base database service Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are activel...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR bsc1262230, MFSA 2026-32: CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. CVE-2026-6747: Use-after-free in the WebRTC component. CVE-2026-6748: Uninitialized memory i...

CVE-2026-7293

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function deletecategory of the file /admin/ajax.php?action=deletecategory. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

CVE-2026-40550

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

CVE-2026-7283 SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...

EUVD-2026-26052

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...