82466 matches found
Improper Output Neutralization for Logs
Overview org.neo4j:neo4j is a Neo4j is a graph database management system developed by Neo4j, Inc. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs due to insufficient escaping of unicode characters in query.log output. A user can inject a malicious log...
CVE-2025-13379
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
EUVD-2026-5688
A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2026-2013 itsourcecode Student Management System index.php sql injection
A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-2012
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...
CVE-2026-21643
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
PT-2026-6769
Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is susceptible to an authenticated SQL injection issue within the Scadenzario Payment Schedule print template. Any authenticated user can exploit this to extract sensitive da...
itsourcecode School Management System SQL注入漏洞
itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with parameter IDs in the file...
PT-2026-6724
Name of the Vulnerable Software and Affected Versions Neo4j versions prior to 2026.01 Description A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting XSS if logs are opened in a tool that interprets them as HTML. The issue is present in bo...
PT-2026-6799
Name of the Vulnerable Software and Affected Versions Agentspace versions prior to December 12th, 2025 Description The Agentspace service had a flaw that led to the exposure of sensitive information. This was due to the use of predictable Google Cloud Storage bucket names for error logs and...
PT-2026-6705
Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...
FUXA 安全漏洞
FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contain security vulnerabilities. These vulnerabilities stem from information leaks, which may lead to the retrieval of sensitive management database credentials...
PT-2026-6732
Name of the Vulnerable Software and Affected Versions Infor SyteLine ERP affected versions not specified Description The software utilizes hard-coded, static cryptographic keys for encrypting stored credentials, including user passwords, database connection strings, and API keys. These encryption...
PT-2026-6768
Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is susceptible to a SQL Injection issue within the ajax select.php endpoint when processing the componenti operation. An authenticated attacker can inject malicious SQL code...
PT-2026-6851
Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...
PT-2026-6737
Name of the Vulnerable Software and Affected Versions html5 snmp version 1.11 Description The software contains multiple SQL injection flaws that allow manipulation of database queries. Attackers can leverage the Router ID and Router IP parameters to exploit error-based, time-based, and union-bas...
itsourcecode Student Management System SQL注入漏洞
itsourcecode Student Management System is an open-source student management system developed by itsourcecode. Version 1.0 of the itsourcecode Student Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...
AhadPOS SQL注入漏洞
AhadPOS is a web-based point-of-sale software developed by RIMbalinux’s individual developers. Version 1.11 of AhadPOS contains an SQL injection vulnerability, which stems from the alamatCustomer parameter being susceptible to SQL injections. This vulnerability could allow attackers to extract...
PT-2026-6867
Summary A SQL Injection vulnerability exists in the ajax select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the optionsmatricola parameter. Proof of Concept Vulnerable Code File: modules/impianti/ajax/select.php:122-124 php...
Payload SQL注入漏洞
Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.73.0 have a SQL injection vulnerability. This vulnerability occurs when querying JSON or richText fields, where user input is directly embedded into SQL without...