82317 matches found
CVE-2026-32167
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability
...
CVE-2026-39809
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...
CVE-2026-38528
Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rottenlead parameter at /Lead/LeadDataGrid.php...
SQL Injection
Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to SQL Injection via the rottenlead parameter in the...
portswigger-sqlinjection-labs
🔐 SQL Injection Attack Lab – PortSwigger Web Security Academy...
CVE-2026-39810
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...
EUVD-2026-22270
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/viewdetails.php...
EUVD-2026-22266
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...
CVE-2026-37591
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/viewdetails.php...
KB5084821 - Description of the security update for SQL Server 2016 SP3 GDR: April 14, 2026
KB5084821 - Description of the security update for SQL Server 2016 SP3 GDR: April 14, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary Th...
KB5084815 - Description of the security update for SQL Server 2022 GDR: April 14, 2026
KB5084815 - Description of the security update for SQL Server 2022 GDR: April 14, 2026 Summary Known issue in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary...
WordPress JetEngine plugin <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter vulnerability
Unauthenticated SQL Injection via '_cct_search' Parameter vulnerability discovered by hoshino in WordPress Plugin JetEngine versions <= 3.8.6.1...
sql-xss
No d...
CVE-2026-40315 PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
CVE-2026-36922
Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/viewcategory.php...
CVE-2026-36923
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/viewbooking.php...
CVE-2026-36872
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadbook.php...
CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...
CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...