82323 matches found
CVE-2026-36945
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manageclient.php...
CVE-2026-36923
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/viewbooking.php...
EUVD-2026-21889
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLEID leads to sql injection. The attack may be initiated remotely. The...
CVE-2026-3830
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
EUVD-2026-21875
A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...
EUVD-2026-21806
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFFID leads to sql injection. The attack can be launched remotely. The exploit is publicly...
CVE-2026-6166 code-projects Vehicle Showroom Management System UpdateVehicleFunction.php sql injection
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLEID leads to sql injection. The attack may be initiated remotely. The...
CVE-2026-6166 code-projects Vehicle Showroom Management System UpdateVehicleFunction.php sql injection
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLEID leads to sql injection. The attack may be initiated remotely. The...
CVE-2026-6166
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLEID leads to sql injection. The attack may be initiated remotely. The...
CVE-2026-3830
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...
CVE-2026-6164
Code-projects Lost and Found Thing Management 1.0 contains a SQL injection in an unknown area of /addcat.php via the cata argument. This vulnerability can be triggered remotely and is substantiated by public exploit activity. The CVE-2026-6164 details, as tracked by NVD and CVE records, show a ne...
WP Hotel Booking <= 2.1.0 - SQL Injection
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2026-6153
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFFID leads to sql injection. The attack can be launched remotely. The exploit is publicly...
CVE-2026-6151
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2026-6153 code-projects Vehicle Showroom Management System StaffDetailsFunction.php sql injection
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFFID leads to sql injection. The attack can be launched remotely. The exploit is publicly...
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD Spline Font Database files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
fontforge: FontForge: Remote Code Execution via malicious SFD file parsing
A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...
CVE-2026-6151
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2026-6151
CVE-2026-6151 affects the code-projects Vehicle Showroom Management System 1.0. The vulnerability exists in /util/PaymentStatusFunction.php where manipulating the argument CUSTOMER_ID leads to SQL injection. The issue can be exploited remotely and the exploit is public. No remediation details are...