
82389 matches found

Cvelist
added 2026/03/25 4:14 p.m., 25 views

CVE-2026-31920 WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection. This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2...

9.3 CVSS, 0.00283 EPSS
Exploits 0, References 1
CVE
added 2026/03/25 4:14 p.m., 13 views

CVE-2026-31920

CVE-2026-31920 describes an SQL Injection vulnerability in the WordPress plugin “Product Rearrange for WooCommerce” (woocommerce) that allows a Blind SQL Injection in versions up to 1.2.2. The Initial document notes the impact as severe (CRITICAL) with a CVSS3.1 base score of 9.3, and the issue i...

9.3 CVSS, 5.9 AI score, 0.00283 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/25 4:14 p.m., 1 views

CVE-2026-27039 WordPress WZone plugin <= 14.0.31 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team WZone woozone allows Blind SQL Injection. This issue affects WZone: from n/a through <= 14.0.31...

8.5 CVSS, 5.9 AI score, 0.00253 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/25 4:14 p.m., 0 views

CVE-2026-25371 WordPress Lumise Product Designer plugin < 2.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection. This issue affects Lumise Product Designer: from n/a through 2.0.9...

9.3 CVSS, 5.9 AI score, 0.00283 EPSS
Exploits 0, References 1
Cvelist
added 2026/03/25 4:14 p.m., 26 views

CVE-2026-25007 WordPress ElementInvader Addons for Elementor plugin <= 1.4.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.2...

8.5 CVSS, 0.00253 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/25 4:14 p.m., 0 views

CVE-2026-24977 WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection. This issue affects Organici Library: from n/a through <= 2.1.2...

8.5 CVSS, 5.9 AI score, 0.00253 EPSS
Exploits 0, References 1
CVE
added 2026/03/25 4:14 p.m., 8 views

CVE-2026-22484

CVE-2026-22484 is a SQL Injection in the WordPress Lisfinity Core plugin (versions n/a through <= 1.5.0). The issue is described as improper neutralization of elements used in SQL commands, enabling SQL Injection against Lisfinity Core. Public sources (NVD, Red Hat security, EUVD/ENISA, CVE li...

9.3 CVSS, 5.9 AI score, 0.00383 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/25 4:4 p.m., 10 views

CVE-2024-58341 OpenCart Core 4.0.2.3 SQL Injection via search Parameter

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitiv...

8.8 CVSS, 6 AI score, 0.00338 EPSS
Exploits 1, References 4
EUVD
added 2026/03/25 12:30 p.m., 6 views

EUVD-2026-15218

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db for mthca_create_srq. Fix a user triggerable leak on the system call failure path...

5.7 AI score, 0.00123 EPSS
Exploits 0, References 7
NVD
added 2026/03/25 11:16 a.m., 7 views

CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db for mthca_create_srq. Fix a user triggerable leak on the system call failure path...

5.5 CVSS, 0.00123 EPSS
Exploits 0, References 8
Debian CVE
added 2026/03/25 10:26 a.m., 2 views

CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db for mthca_create_srq. Fix a user triggerable leak on the system call failure path...

5.5 CVSS, 5.2 AI score, 0.00123 EPSS
Exploits 0
ATTACKERKB
added 2026/03/25 10:26 a.m., 1 views

CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db for mthca_create_srq. Fix a user triggerable leak on the system call failure path...

5.7 AI score, 0.00123 EPSS
Exploits 0, References 9, Affected Software 1
Patchstack
added 2026/03/25 8:20 a.m., 8 views

WordPress JetEngine plugin <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability

Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability discovered by hoshino in WordPress Plugin JetEngine versions <= 3.8.6.1...

7.5 CVSS, 5.9 AI score, 0.00322 EPSS
Exploits 0, References 1, Affected Software 1
OSSF Malicious Packages
added 2026/03/25 1:54 a.m., 8 views

Malicious code in @rexxtheproject/keyed-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa8d0778ab610c5b6e2320997c2427bf9e6295b93fe16ae478096953c1de9b34 The package @rexxtheproject/keyed-db was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0, References 1
Snyk
added 2026/03/25 1:54 a.m., 0 views

Malicious Package

Overview: @rexxtheproject/keyed-db is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
OSV
added 2026/03/25 1:54 a.m., 5 views

MAL-2026-2165 Malicious code in @rexxtheproject/keyed-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa8d0778ab610c5b6e2320997c2427bf9e6295b93fe16ae478096953c1de9b34 The package @rexxtheproject/keyed-db was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits 0, References 1
Cvelist
added 2026/03/25 1:9 a.m., 27 views

CVE-2026-4784 code-projects Simple Laundry System Parameter checkcheckout.php sql injection

A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit...

7.5 CVSS, 0.00333 EPSS
Exploits 1, References 5
CVE
added 2026/03/25 1:9 a.m., 16 views

CVE-2026-4784

The CVE-2026-4784 vulnerability affects code-projects Simple Laundry System 1.0, specifically the Parameter Handler’s /checkcheckout.php and its serviceId parameter. The root cause allows SQL injection in a remote-exploit scenario, with the exploit already public and potentially usable. Multiple ...

9.8 CVSS, 6.7 AI score, 0.00333 EPSS
Exploits 1, References 5, Affected Software 1
EUVD
added 2026/03/25 12:31 a.m., 6 views

EUVD-2026-15027

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file updatecategory.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

6.5 CVSS, 5.6 AI score, 0.00303 EPSS
Exploits 1, References 6
SUSE CVE
added 2026/03/25 12:25 a.m., 3 views

SUSE CVE-2026-29073

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run SQL directly, but it only checks basic auth, not admin rights; any logged-in user, even readers, can run any SQL query on the database. This issue has been patched in version 3.6.0...

8.8 CVSS, 5.8 AI score, 0.00323 EPSS
Exploits 1, References 3