Lucene search

82266 matches found

Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2423

Name of the Vulnerable Software and Affected Versions: Social-Share-Buttons version 2.2.3. Description: The software contains a SQL injection issue in the project id parameter. Attackers can exploit this by sending specially crafted POST requests with malicious SQL payloads to manipulate database...

CVSS 8.8 | AI score 7.3 | EPSS 0.00253
Exploits: 0 | References: 6

CNNVD
added 2026/01/13 12:0 a.m. | 4 views

VIAVIWEB Wallpaper Admin SQL injection vulnerability

VIAVIWEB Wallpaper Admin is a mobile application backend management system from VIAVIWEB India. A SQL injection vulnerability exists in VIAVIWEB Wallpaper Admin version 1.0, which stems from a SQL injection vulnerability in the imgid parameter that could lead to the extraction of database...

CVSS 7.1 | AI score 5.9 | EPSS 0.00417
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/13 12:0 a.m. | 5 views

PT-2026-2747

🟠 CVE-2026-20947 - High Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. https://t.co/plm6gTTLxj https://t.co/1kjK6Hr4sV...

CVSS 8.8 | AI score 7.5 | EPSS 0.17948
Exploits: 0 | References: 5

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

Aero CMS SQL injection vulnerability

Aero CMS is a content management system from Aero CMS, Inc. in the United States. A SQL injection vulnerability exists in Aero CMS version 0.0.1, which stems from a SQL injection vulnerability in the author parameter that could lead to the extraction of sensitive database information...

CVSS 9.8 | AI score 5.9 | EPSS 0.00554
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/13 12:0 a.m. | 6 views

PT-2026-2766

Name of the Vulnerable Software and Affected Versions: Windows versions affected versions not specified; Windows Server versions affected versions not specified. Description: The issue centers around the approaching expiration of Microsoft certificates used in Windows Secure Boot, specifically those...

CVSS 6.4 | AI score 5.9 | EPSS 0.00965
Exploits: 0 | References: 25

Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

IBM DB2 Privilege Escalation (7250486) (Windows)

According to its self-reported version number, IBM Db2 on Windows may be affected by a vulnerability: - IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in...

CVSS 7.8 | AI score 6.4 | EPSS 0.00108
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 8 : mysql:8.0 (AXSA:2025-10922:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10922:01 advisory. mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722); mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688); mysql...

CVSS 6.8 | AI score 6.2 | EPSS 0.00855
Exploits: 1 | References: 52

OSV
added 2026/01/12 10:16 p.m. | 2 views

CVE-2025-67146

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) membersearch.php, (2) trainersearch.php, and (3) gymsearch.php, and via the 'id' parameter in (4) paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...

CVSS 9.4 | AI score 5.9 | EPSS 0.00553
Exploits: 1 | References: 1

NVD
added 2026/01/12 9:15 p.m. | 5 views

CVE-2025-67147

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submitcontact.php, the 'username' and 'passkey' parameters in (2) securelogin.php, and the 'loginid', 'pwfield', and 'loginkey' parameters in (3)...

CVSS 9.8 | EPSS 0.00345
Exploits: 0 | References: 1

OSV
added 2026/01/12 8:15 p.m. | 3 views

CVE-2025-51567

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

CVSS 9.1 | AI score 6.1 | EPSS 0.00354
Exploits: 1 | References: 1

NVD
added 2026/01/12 3:16 p.m. | 6 views

CVE-2025-41005

Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘keyword’ parameter in ‘/memsdemo/exchangeoffers.php’...

CVSS 8.7 | EPSS 0.00274
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/12 1:55 p.m. | 3 views

CVE-2025-41004 Multiple vulnerabilities in Imaster products Open configuration options

Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter...

CVSS 8.7 | AI score 7.6 | EPSS 0.00274
Exploits: 0 | References: 1

NVD
added 2026/01/12 3:16 a.m. | 12 views

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

CVSS 10 | EPSS 0.37867
Exploits: 1 | References: 1

ATTACKERKB
added 2026/01/12 2:27 a.m. | 7 views

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

CVSS 10 | AI score 6.2 | EPSS 0.37867
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/01/12 12:15 a.m. | 4 views

CVE-2026-0851

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

CVSS 9.8 | AI score 5.7 | EPSS 0.00319
Exploits: 1 | References: 5

NVD
added 2026/01/12 12:15 a.m. | 4 views

CVE-2026-0851

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

CVSS 9.8 | EPSS 0.00319
Exploits: 1 | References: 5

Cvelist
added 2026/01/12 12:2 a.m. | 30 views

CVE-2026-0852 code-projects Online Music Site AdminUpdateUser.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00326
Exploits: 1 | References: 5

CNNVD
added 2026/01/12 12:0 a.m. | 3 views

Code-Projects Online Music Site SQL injection vulnerability

Code-Projects Online Music Site is a Code-Projects open source online music site. A SQL injection vulnerability exists in code-projects Online Music Site version 1.0, which stems from incorrect manipulation of the parameter ID in the file /Administrator/PHP/AdminUpdateUser.php, which can lead to...

CVSS 9.8 | AI score 7.7 | EPSS 0.00326
Exploits: 1 | References: 5

CNNVD
added 2026/01/12 12:0 a.m. | 2 views

GYM-MANAGEMENT-SYSTEM security vulnerability

GYM-MANAGEMENT-SYSTEM is a gym management system by Abhishek S Personal Developer. A security vulnerability exists in GYM-MANAGEMENT-SYSTEM version 1.0, which stems from the unvalidated name parameter in membersearch.php, trainersearch.php, and gymsearch.php, and the id parameter in...

CVSS 9.4 | AI score 7.7 | EPSS 0.00553
Exploits: 1 | References: 2

CVE
added 2026/01/12 12:0 a.m. | 18 views

CVE-2025-67146

Summary: CVE-2025-67146 affects AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 with multiple SQL Injection flaws. The issues occur via the name parameter in member_search.php, trainer_search.php, and gym_search.php, and via the id parameter in payment_search.php. An unauthenticated remote attacker coul...

CVSS 9.4 | AI score 8.1 | EPSS 0.00553
Exploits: 1 | References: 1 | Affected Software: 1