Sequelize SQL注入漏洞

Sequelize is an open-source database ORM Object-Relational Mapping tool for Node.js. Versions of Sequelize prior to 6.37.8 had a SQL injection vulnerability. This vulnerability stemmed from type conversion that wasn’t properly escaped during the handling of JSON/JSONB WHERE clauses, which could...

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may lead to the reading,...

ROS-20260310-73-0002

A vulnerability in the MySQL and MariaDB database management system is related to information disclosure. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data...

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may allow authenticated...

SAP NetWeaver SQL注入漏洞

SAP NetWeaver is a service-oriented integrated application platform developed by the German company SAP. This platform primarily provides development and runtime environments for SAP applications. SAP NetWeaver has a SQL injection vulnerability, which arises from unvalidated or escaped user input...

Sylius 安全漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius. This vulnerability stems from the fact that the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API filters directly pa...

PT-2026-24164

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP affected versions not specified Description An authenticated attacker with user privileges may be able to read Database Analyzer Log Files due to a missing authorization check within a specific RFC...

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to gain higher privileges. The following...

PT-2026-24345

CVE-2025-56421 SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. https://t.co/LNI5znu9QV...

PT-2026-24160

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-1300)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...

EUVD-2026-10357

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

CVE-2026-3761

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

CVE-2026-3755

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /checkcustomerdetails.php of the component POST Handler. Executing a manipulation of the argument stockname1 can lead to sql injection. The attack can be launched remotely...

CVE-2026-3762

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...

CVE-2026-3744

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2026-3764

A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...

CVE-2026-3760

A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /viewresult.php. Performing a manipulation of the argument seme results in sql injection. The attack is possible to be carried out remotely. The exploit is now public...