CVE-2026-1517
A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to SQL injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue...
CVE-2026-1517
CVE-2026-1517 affects iomad up to version 5.0, specifically an unknown function within the Company Admin Block that enables SQL injection. The vulnerability can be exploited remotely; CVSS metrics indicate network attack vector, low attack complexity, and high privileges required. Documented impa...
sql-injection
SQL Injection Payloads List...
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing
A flaw was found in FontForge. This use-after-free vulnerability, occurring during the parsing of SFD (Spline Font Database) files, allows a remote attacker to execute arbitrary code. Successful exploitation requires user interaction, such as opening a specially crafted malicious file or visiting a...
GHSA-C5GQ-4H56-4MMX FUXA Unauthenticated Exposure of Plaintext Database Credentials
Description An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact This affects all deployments,...
PT-2026-6650
Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.73.0 Description Payload is a free and open source headless content management system. Prior to version 3.73.0, user input was directly embedded into SQL queries without proper escaping when querying JSON or richTex...
PT-2026-5869
Name of the Vulnerable Software and Affected Versions Infinera DNA affected versions not specified Description Infinera DNA is susceptible to a time-based SQL injection due to inadequate input validation. This flaw could lead to the disclosure of sensitive information. The vulnerability involves...
SQL Injection Vulnerability in the Identity Management System of Xiamen Entropy Base Technology Co.
Human ID Magic Identity Authentication Management System is a "real person" verification software system independently developed by Entropy Base Technology for the "one person one ID". The software quickly reads the information of the second-generation ID card, Hong Kong and Macao residents'...
PT-2026-6553
Name of the Vulnerable Software and Affected Versions IBM Aspera Console versions 3.4.0 through 3.4.8 Description The software is susceptible to a SQL injection issue. A remote attacker could potentially send crafted SQL statements to access, modify, or delete data within the back-end database. T...
PT-2026-6629
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in WebRTC allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. WebRTC (Web Real-Time Communication) is a technology...
IBM DB2 Multiple Vulnerabilities (7257697, 7257698) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by multiple vulnerabilities: - IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper...
util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID (Set User ID) login-utils utilities that write to the password database...
CVE-2026-25513 FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The...
CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...
CVE-2026-25234
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...
CVE-2026-22044
GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...
CVE-2025-69213
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajaxcomplete.php endpoint when handling the getsedi operation. An authenticated attacker can inject malicious SQL code through the...