CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

CVE-2026-3221

Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access...

EUVD-2026-8902

A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...

Doditsolutions Homey BNB SQL注入漏洞

Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the hostingid parameter, which allows for SQL injections. It may allow unverified attackers to...

groupoffice SQL注入漏洞

GroupOffice is an open-source groupware and CRM solution developed by Intermesh. Versions of GroupOffice prior to 26.0.8, 25.0.87, and 6.8.153 contain SQL injection vulnerabilities. These vulnerabilities stem from improper handling of the advancedQueryData parameter, which may lead to SQL injecti...

PT-2026-22412

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.5 Description WeGIA is a web manager for charitable institutions. A critical Remote Code Execution RCE issue exists in the application’s database restoration functionality. An attacker with administrative access can...

openDCIM SQL注入漏洞

openDCIM is an open-source data center inventory management DCIM application. Version 23.04 of openDCIM contains a SQL injection vulnerability. This vulnerability stems from the use of Config::UpdateParameter without using prepared statements or input sanitization, which may lead to SQL injection...

OCaml Security Advisory Database 安全漏洞

The OCaml Security Advisory Database is a security database developed under the open-source OCaml language. Versions prior to 4.14.3 and 5.x versions before 5.4.1 of the OCaml Security Advisory Database contain security vulnerabilities. These vulnerabilities stem from excessive buffer reading...

PT-2026-22388

Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 26.0.8 Group-Office versions prior to 25.0.87 Group-Office versions prior to 6.8.153 Description The software has a SQL Injection issue that can be exploited through the advancedQueryData parameter, specifically...

PT-2026-22358

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

PT-2026-22361

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

PT-2026-22301

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

PT-2026-22364

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products id parameter. Attackers can modify the products id value in product info.php requests and append boolean-based SQL injection...

Doditsolutions Homey BNB SQL注入漏洞

Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from SQL injections during login on the management panel, which may allow unverified attackers to bypass...

WeGIA 操作系统命令注入漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.5 contained an operating system command injection vulnerability. This vulnerability stemmed from the improper handling of special backup file names by the database recovery function,...

PT-2026-22360

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the http.Error function. An attacker can obtain sensitive database credentials by triggering database errors through authenticated HTTP requests. Remediation Upgrade...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the http.Error function. An attacker can obtain sensitive database credentials by triggering database errors through authenticated HTTP requests. Remediation Upgrade...

Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

GHSA-GJ6X-Q8RH-WJ6X Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...