82388 matches found

ATTACKERKB
added 2026/03/03 1:21 a.m. | 6 views

CVE-2026-1487

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

6.5 CVSS | 6.2 AI score | 0.00322 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/03 12:0 a.m. | 4 views

PT-2026-22791

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac temp.db...

5.9 AI score | 0.00215 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/03 12:0 a.m. | 3 views

CVE-2026-26884

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

6 AI score | 0.0022 EPSS
Exploits: 1 | References: 1
CVE
added 2026/03/03 12:0 a.m. | 10 views

CVE-2026-26892

CVE-2026-26892 affects Sourcecodester Logistics Hub Parcel’s Management System v1.0, with SQL Injection in /manage_carrier.php. Documents confirm a network-accessible vulnerability impacting confidentiality, integrity, and availability (CVSSv3.1: C/H, I/H, A/H; AV:N/AC:L/PR:H/UI:N/S:U). No remedi...

7.2 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/03 12:0 a.m. | 3 views

CVE-2024-55027

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uactemp.db...

5.9 AI score | 0.00215 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/03 12:0 a.m. | 6 views

PT-2026-22751

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete appointment...

6 AI score | 0.0022 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/03 12:0 a.m. | 5 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

6 AI score | 0.00235 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/03/03 12:0 a.m. | 5 views

EUVD-2021-22126

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

6 AI score | 0.00235 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/03/03 12:0 a.m. | 4 views

itsourcecode College Management System SQL injection vulnerability

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter rollno in the file...

7.2 CVSS | 5.8 AI score | 0.00318 EPSS
Exploits: 1 | References: 5
Vulnrichment
added 2026/03/03 12:0 a.m. | 3 views

CVE-2026-26890

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manageproduct.php...

6 AI score | 0.00284 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/03 12:0 a.m. | 8 views

PT-2026-22831

Name of the Vulnerable Software and Affected Versions: itsourcecode College Management System version 1.0. Description: A security issue exists in itsourcecode College Management System version 1.0 related to the processing of the /admin/class-result.php file. Manipulation of the course code argumen...

5.8 CVSS | 5.8 AI score | 0.00351 EPSS
Exploits: 1 | References: 9
CNNVD
added 2026/03/03 12:0 a.m. | 6 views

WordPress plugin LatePoint SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5 CVSS | 6.2 AI score | 0.00322 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/03 12:0 a.m. | 5 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2 CVSS | 6 AI score | 0.00235 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/03 12:0 a.m. | 1 views

CVE-2026-26890

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manageproduct.php...

2.7 CVSS | 6 AI score | 0.00284 EPSS
Exploits: 1 | References: 2
CNNVD
added 2026/03/03 12:0 a.m. | 4 views

Weintek cMT security vulnerability

Weintek cMT is a human-computer interface application developed by Weintek Corporation. Version 2.1.53 of Weintek cMT contains a security vulnerability, which stems from the uactemp.db component storing credentials in plaintext...

7.5 CVSS | 5.8 AI score | 0.00215 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/03 12:0 a.m. | 5 views

PT-2026-22787

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage category.php...

6 AI score | 0.00284 EPSS
Exploits: 1 | References: 1
CVE
added 2026/03/03 12:0 a.m. | 11 views

CVE-2021-35484

The CVE-2021-35484 entry affects Nokia IMPACT (through 19.11.2.10-20210118042150283). An authenticated user can perform a Time-based Boolean Blind SQL Injection on the endpoint /ui/rest-proxy/campaign/statistic (View Campaign page) via the sortColumn HTTP GET parameter, enabling access to database...

8.2 CVSS | 6 AI score | 0.00235 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/03 12:0 a.m. | 3 views

PT-2026-22786

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage stock.php...

6 AI score | 0.00284 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/03 12:0 a.m. | 7 views

PT-2026-22759

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

6 AI score | 0.00235 EPSS
Exploits: 0 | References: 4
GitHub Security Blog
added 2026/03/02 8:49 p.m. | 15 views

AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact: An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

9.8 CVSS | 6 AI score | 0.0151 EPSS
Exploits: 1 | References: 5 | Affected Software: 1