82204 matches found

The Hacker News
added 2026/01/08 9:53 a.m., 6 views

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...

9.9 CVSS, 7.9 AI score, 0.0376 EPSS
Exploits 12
CVE
added 2026/01/08 9:17 a.m., 7 views

CVE-2025-67921

CVE-2025-67921 : The WordPress theme/plugin Lobo (Lobo – WordPress Portfolio for Freelancers & Agencies) contains an authenticated SQL injection vulnerability. Affected versions are those with

8.5 CVSS, 7.2 AI score, 0.00253 EPSS
Exploits 0, References 1
CVE
added 2026/01/08 9:17 a.m., 8 views

CVE-2025-22728

CVE-2025-22728 is an authenticated SQL injection in the Workreap plugin/theme for WordPress (

8.5 CVSS, 7.3 AI score, 0.00321 EPSS
Exploits 0, References 1
Cvelist
added 2026/01/08 9:17 a.m., 29 views

CVE-2025-22728 WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection. This issue affects Workreap theme's plugin: from n/a through <= 3.3.6...

8.5 CVSS, 0.00321 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/01/08 9:17 a.m., 3 views

CVE-2025-22713 WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection. This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4...

8.5 CVSS, 7.3 AI score, 0.00321 EPSS
Exploits 0, References 1
Patchstack
added 2026/01/08 8:13 a.m., 5 views

WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions <= 1.1.3...

9.8 CVSS, 8.1 AI score, 0.00359 EPSS
Exploits 0, Affected Software 1
Cvelist
added 2026/01/08 8:02 a.m., 27 views

CVE-2026-0701 code-projects Intern Membership Management System add_admin.php sql injection

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/addadmin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

5.8 CVSS, 0.00314 EPSS
Exploits 1, References 6
Vulnrichment
added 2026/01/08 7:02 a.m., 3 views

CVE-2026-0700 code-projects Intern Membership Management System check_admin.php sql injection

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/checkadmin.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been...

7.5 CVSS, 6.7 AI score, 0.00379 EPSS
Exploits 1, References 5
Cvelist
added 2026/01/08 5:32 a.m., 28 views

CVE-2026-0698 code-projects Intern Membership Management System edit_students.php sql injection

A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/editstudents.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The exploit has been disclos...

5.8 CVSS, 0.00369 EPSS
Exploits 1, References 5
OSV
added 2026/01/08 12:15 a.m., 3 views

CVE-2019-25279

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without...

7.5 CVSS, 5.8 AI score, 0.00199 EPSS
Exploits 2, References 3
NVD
added 2026/01/08 12:15 a.m., 4 views

CVE-2019-25279

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without...

7.5 CVSS, 0.00199 EPSS
Exploits 2, References 3
Positive Technologies
added 2026/01/08 12:00 a.m., 10 views

PT-2026-1978

Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A security issue exists in code-projects Intern Membership Management System 1.0. The problem involves the processing of the file '/intern/admin/delete admin.php'...

7.2 CVSS, 4.8 AI score, 0.00389 EPSS
Exploits 1, References 10
Positive Technologies
added 2026/01/08 12:00 a.m., 4 views

PT-2026-1788

Name of the Vulnerable Software and Affected Versions vanquish WooCommerce Orders & Customers Exporter versions through 5.4 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL Injection issue. The affected...

9.8 CVSS, 7.6 AI score, 0.00321 EPSS
Exploits 0, References 3
CNVD
added 2026/01/08 12:00 a.m., 2 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2026-35542)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9 AI score
Exploits 0
Vulnrichment
added 2026/01/08 12:00 a.m., 1 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

8.3 AI score, 0.00944 EPSS
Exploits 1, References 2
EUVD
added 2026/01/08 12:00 a.m., 2 views

EUVD-2026-1501

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

6.5 CVSS, 6.6 AI score, 0.02981 EPSS
Exploits 1, References 5
Positive Technologies
added 2026/01/08 12:00 a.m., 4 views

PT-2026-1685

Name of the Vulnerable Software and Affected Versions WP Cost Estimation versions up to and including 9.642 Description The WP Cost Estimation plugin for WordPress is affected by a flaw allowing arbitrary file uploads and deletion. This is due to a lack of file type validation in the lfb upload...

9.8 CVSS, 7.8 AI score, 0.00597 EPSS
Exploits 0, References 8
Positive Technologies
added 2026/01/08 12:00 a.m., 3 views

PT-2026-1866

Name of the Vulnerable Software and Affected Versions JimuReport versions through 2.1.3 Description The software is susceptible to remote code execution when handling user-supplied H2 JDBC URLs. The application directly passes the attacker-controlled JDBC URL to the H2 driver, enabling the use of...

9.8 CVSS, 7.2 AI score, 0.00944 EPSS
Exploits 1, References 8
Positive Technologies
added 2026/01/08 12:00 a.m., 3 views

PT-2026-1904

Name of the Vulnerable Software and Affected Versions themesuite Automotive Listings versions n/a through 18.6 Description An issue exists in themesuite Automotive Listings that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows a...

9.8 CVSS, 7.9 AI score, 0.00289 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/01/08 12:00 a.m., 3 views

PT-2026-1971

Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A flaw exists in code-projects Intern Membership Management System version 1.0. The issue involves a SQL injection vulnerability within an unknown function of the...

7.2 CVSS, 5.2 AI score, 0.00313 EPSS
Exploits 1, References 11