Ory Hydra has a SQL injection via forged pagination tokens

Description Following Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation: - listOAuth2Clients - listOAuth2ConsentSessions - listTrustedOAuth2JwtGrantIssuers Pagination tokens are encrypted using the secret configured in secrets.pagination. If thi...

SQL Injection

Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and quotes, which are not properly...

GHSA-FR9J-6MVQ-FRCV Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Summary The sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path...

GHSA-8P58-35C3-CCXX AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter

Summary The RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations — LiveTransmitionHistory::getLatest and LiveTransmition::keyExists — without parameterized binding...

AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter

Summary The RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations — LiveTransmitionHistory::getLatest and LiveTransmition::keyExists — without parameterized binding...

Access Control Bypass

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Access Control Bypass through the exposure of secret keys in the clones.json.php endpoint, which allows an attacker to trigger a database dump and obtain admin...

AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection

Summary Multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without authentication, which can be used to trigger a full database dump via...

GHSA-687Q-32C6-8X68 AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection

Summary Multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without authentication, which can be used to trigger a full database dump via...

CVE-2026-4504

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

CVE-2026-4504

A vulnerability (CVE-2026-4504) affects eosphoros-ai db-gpt up to version 0.7.5. The flaw involves unknown code in the /api/v1/editor/ path of the Incomplete Fix component, enabling SQL injection through manipulation. It can be exploited remotely and an exploit has been published. The vendor was ...

CVE-2025-62846 QuRouter

An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

CVE-2026-4485

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin Product Rearrange for WooCommerce versions = 1.2.2...

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Range or Values summarizer, which renders raw database values without escaping HTML. An attacker can execute arbitrary HTML or JavaScript in the context of affected users by injecting malicious content...

CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

CVE-2026-33134

CVE-2026-33134 affects WeGIA web manager (versions 3.6.5 and earlier). The vulnerability is an authenticated SQL injection in the endpoint html/matPat/restaurar_produto.php, where the parameter id_produto is read from $_GET and directly interpolated into two SQL query strings without sanitization...

CVE-2026-33133

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

EUVD-2026-13676

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...