
82319 matches found

RedhatCVE
added 2026/04/14 1:22 a.m. | 2 views

CVE-2026-36872

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadbook.php...

CVSS 2.7 | AI score 5.9 | EPSS 0.00225
Exploits: 1 | References: 1

NVD
added 2026/04/14 1:16 a.m. | 1 view

CVE-2026-34262

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVSS 5 | EPSS 0.00304
Exploits: 2 | References: 3

Cvelist
added 2026/04/14 12:9 a.m. | 28 views

CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVSS 5 | EPSS 0.00304
Exploits: 2 | References: 2

EUVD
added 2026/04/14 12:9 a.m. | 6 views

EUVD-2026-22173

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVSS 5 | AI score 5.8 | EPSS 0.00304
Exploits: 2 | References: 2

Vulnrichment
added 2026/04/14 12:9 a.m. | 3 views

CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVSS 5 | AI score 5.8 | EPSS 0.00304
Exploits: 2 | References: 2

ATTACKERKB
added 2026/04/14 12:9 a.m. | 6 views

CVE-2026-34262

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVSS 5 | AI score 5.8 | EPSS 0.00304
Exploits: 2 | References: 3

CVE
added 2026/04/14 12:9 a.m. | 11 views

CVE-2026-34262

CVE-2026-34262 concerns an information disclosure in SAP HANA Cockpit and SAP HANA Database Explorer. Connected sources indicate the issue allows leakage of X.509 private keys via Database Explorer access, enabling potential server impersonation. The PT-2026-32569 note emphasizes that patching al...

CVSS 5 | AI score 5.8 | EPSS 0.00304
Exploits: 2 | References: 3 | Affected Software: 2

Github Security Blog
added 2026/04/14 12:6 a.m. | 12 views

Craft Commerce hasVariant/hasProduct Blind SQL Injection

Overview Craft Commerce’s ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the unset blocklist added to ElementIndexesController in GHSA-2453-mppf-46cj. The blocklist only strips top-level Yii2 Query properties where, orderBy, etc., but hasVariant and hasProduct pass throug...

CVSS 8.7 | AI score 6 | EPSS 0.00304
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/04/14 12:0 a.m. | 3 views

PT-2026-32881

CVE-2026-33120 | Microsoft SQL Server 2022 GDR | Remote Code Execution Description Untrusted pointer dereference in Microsoft SQL Server 2022 GDR allows an auth'd attacker to achieve RCE over a network by triggering invalid memory access. Severity: High Exploitation: Unknown Public PoC: Unknown...

CVSS 8.8 | AI score 6.4 | EPSS 0.00706
Exploits: 0 | References: 8

Vulnrichment
added 2026/04/14 12:0 a.m. | 2 views

CVE-2026-37591

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/viewdetails.php...

AI score 5.8 | EPSS 0.00186
Exploits: 0 | References: 1

CNNVD
added 2026/04/14 12:0 a.m. | 5 views

SAP HANA Cockpit and SAP HANA Database Explorer Security Vulnerability

SAP HANA Cockpit and SAP HANA Database Explorer are both products of the German company SAP. SAP HANA Cockpit is a database monitoring and management console platform. SAP HANA Database Explorer is a database querying and development management tool. Both SAP HANA Cockpit and SAP HANA Database...

CVSS 5 | AI score 5.8 | EPSS 0.00304
Exploits: 2 | References: 3

Positive Technologies
added 2026/04/14 12:0 a.m. | 4 views

PT-2026-33235

Name of the Vulnerable Software and Affected Versions @vendure/core versions prior to 2.3.4 @vendure/core versions 3.0.0 through 3.5.6 @vendure/core versions 3.6.0 through 3.6.1 Description An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...

CVSS 9.1 | AI score 6.1 | EPSS 0.01762
Exploits: 0 | References: 10

Positive Technologies
added 2026/04/14 12:0 a.m. | 3 views

PT-2026-32586

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cct search parameter being interpolated directly into a SQL query string via sprintf without sanitization or...

CVSS 7.5 | AI score 5.9 | EPSS 0.00366
Exploits: 0 | References: 6

Cvelist
added 2026/04/14 12:0 a.m. | 23 views

CVE-2026-37590

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/managerent.php...

EPSS 0.00186
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/14 12:0 a.m. | 2 views

CVE-2026-37601

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manageappointment.php...

AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/14 12:0 a.m. | 2 views

CVE-2026-37592

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/managepricing.php...

AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/14 12:0 a.m. | 4 views

PT-2026-32682

CVE-2026-38528 Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten lead parameter at /Lead/LeadDataGrid.php. https://t.co/u0tPkhpW1p...

CVSS 7.1 | AI score 5.8 | EPSS 0.00191
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-32835

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper neutralization of special elements used in an sql command SQL injection allows an authorized attacker to elevate privileges locally. SQL injection is a technique where an attacker...

CVSS 7.8 | AI score 6.3 | EPSS 0.00299
Exploits: 0 | References: 8

CNNVD
added 2026/04/14 12:0 a.m. | 4 views

WordPress plugin JetEngine SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 | AI score 5.9 | EPSS 0.00366
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/14 12:0 a.m. | 2 views

CVE-2026-37597

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/attendancelist.php...

AI score 5.9 | EPSS 0.00186
Exploits: 0 | References: 2