CVE-2026-3487 itsourcecode College Management System class-result.php sql injection

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

GHSA-45RP-9P97-H852 NocoDB Vulnerable to SQL Injection via DATEADD Formula

Summary An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...

CVE-2026-26891

Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manageparceltype.php...

CVE-2026-26887

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/managesupplier.php...

CVE-2026-26888

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/managestock.php...

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

CVE-2026-26884

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

CVE-2026-26885

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=deleteservice...

CVE-2026-26886

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manageservice.php...

Security Bulletin: EDB PostgreSQL - CVE-2023-39417

Summary An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack...

CVE-2025-12462

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection. This issue was fixed in versions above 8.0...

[SECURITY] [DSA 6155-1] spip security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 03, 2026 https://www.debian.org/security/faq -...

RLSA-2026:3516 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

WordPress Contest Gallery plugin <= 28.1.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Thomas Sanzey in WordPress Plugin Contest Gallery versions = 28.1.4...

CVE-2026-3406

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack...

Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any.

Summary Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014x8664, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any which is vulnerable to CVE-2026-23490, CVE-2026-0994, CVE-2025-66418, CVE-2025-66471,...

CVE-2026-26705

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/viewproduct.php...

CVE-2026-26696

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacheredit.php...

CVE-2026-26703

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...