82315 matches found

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

FUXA Security Vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contain security vulnerabilities. These vulnerabilities stem from information leaks, which may lead to the retrieval of sensitive management database credentials...

CVSS 9.1 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 2

CNNVD
added 2026/02/06 12:0 a.m. | 5 views

Fortinet FortiClientEMS SQL Injection Vulnerability

Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, a company owned by Fortinet Corporation in the United States. It aims to help organizations effectively manage terminal devices within their networks and provide monitoring and control of endpoint security...

CVSS 9.8 | AI score 7.7 | EPSS 0.94085
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6737

Name of the Vulnerable Software and Affected Versions: html5 snmp version 1.11
Description: The software contains multiple SQL injection flaws that allow manipulation of database queries. Attackers can leverage the Router ID and Router IP parameters to exploit error-based, time-based, and union-bas...

CVSS 9.1 | AI score 5.9 | EPSS 0.0037
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/06 12:0 a.m. | 2 views

PT-2026-6768

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier
Description: OpenSTAManager is susceptible to a SQL Injection issue within the ajax select.php endpoint when processing the componenti operation. An authenticated attacker can inject malicious SQL code...

CVSS 8.7 | AI score 6 | EPSS 0.00423
Exploits: 3 | References: 7

Positive Technologies
added 2026/02/06 12:0 a.m. | 9 views

PT-2026-6732

Name of the Vulnerable Software and Affected Versions: Infor SyteLine ERP, affected versions not specified
Description: The software utilizes hard-coded, static cryptographic keys for encrypting stored credentials, including user passwords, database connection strings, and API keys. These encryption...

CVSS 7.8 | AI score 5.5 | EPSS 0.00097
Exploits: 1 | References: 10

CNNVD
added 2026/02/06 12:0 a.m. | 6 views

itsourcecode School Management System SQL Injection Vulnerability

itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with parameter IDs in the file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00326
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6705

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0
Description: A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...

CVSS 9.8 | AI score 5.7 | EPSS 0.00326
Exploits: 1 | References: 9

Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6799

Name of the Vulnerable Software and Affected Versions: Agentspace versions prior to December 12th, 2025
Description: The Agentspace service had a flaw that led to the exposure of sensitive information. This was due to the use of predictable Google Cloud Storage bucket names for error logs and...

CVSS 9.1 | AI score 5.5 | EPSS 0.00253
Exploits: 0 | References: 8

Positive Technologies
added 2026/02/06 12:0 a.m. | 8 views

PT-2026-6754

Name of the Vulnerable Software and Affected Versions: Simple Blood Donor Management System version 1.0
Description: A flaw exists in Simple Blood Donor Management System version 1.0 that allows for remote SQL injection. The issue is located in the /simpleblooddonor/editcampaignform.php file,...

CVSS 7.5 | AI score 5.6 | EPSS 0.00326
Exploits: 1 | References: 7

CNNVD
added 2026/02/06 12:0 a.m. | 5 views

Payload SQL Injection Vulnerability

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.73.0 have a SQL injection vulnerability. This vulnerability occurs when querying JSON or richText fields, where user input is directly embedded into SQL without...

CVSS 9.8 | AI score 5.9 | EPSS 0.00453
Exploits: 0 | References: 2

Patchstack
added 2026/02/05 10:24 p.m. | 8 views

WordPress Post SMTP plugin < 2.8.7 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by Alex Sanford in WordPress Plugin Post SMTP versions 2.8.7...

CVSS 7.2 | AI score 5.7 | EPSS 0.14169
Exploits: 2 | References: 1 | Affected Software: 1

Github Security Blog
added 2026/02/05 8:51 p.m. | 18 views

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact: When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. Users...

CVSS 9.8 | AI score 5.8 | EPSS 0.00453
Exploits: 0 | References: 3 | Affected Software: 1

Wordfence Blog
added 2026/02/05 4:20 p.m. | 12 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 26, 2026 to February 1, 2026)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 9.8 | AI score 6.5 | EPSS 0.12713
Exploits: 1

Cvelist
added 2026/02/05 3:25 p.m. | 33 views

CVE-2020-37151 phpMyChat Plus 1.98 'deluser.php' SQL Injection

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

CVSS 8.8 | EPSS 0.00383
Exploits: 1 | References: 3

EUVD
added 2026/02/05 3:25 p.m. | 5 views

EUVD-2020-31050

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

CVSS 8.8 | AI score 5.6 | EPSS 0.00383
Exploits: 1 | References: 3

RedHat Linux
added 2026/02/05 2:53 p.m. | 5 views

hibernate-reactive-core: Hibernate Reactive: Denial of Service due to connection leak on HTTP client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by...

CVSS 4.3 | AI score 5.8 | EPSS 0.00376
Exploits: 0 | References: 4

OSV
added 2026/02/05 2:16 p.m. | 3 views

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | AI score 5.9 | EPSS 0.00351
Exploits: 0 | References: 1

NVD
added 2026/02/05 2:16 p.m. | 10 views

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | EPSS 0.00351
Exploits: 0 | References: 1

EUVD
added 2026/02/05 1:30 p.m. | 6 views

EUVD-2025-206875

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | AI score 5.7 | EPSS 0.00351
Exploits: 0 | References: 1

NVD
added 2026/02/05 12:16 p.m. | 7 views

CVE-2026-1966

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

CVSS 2.4 | EPSS 0.00163
Exploits: 0 | References: 1