643 matches found
CVE-2026-4321
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...
CVE-2026-13526 SourceCodester Class and Exam Timetabling System edit_class.php sql injection
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editclass.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-56062 WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...
PT-2026-52833
Name of the Vulnerable Software and Affected Versions Recipe Maker For Your Food Blog from Zip Recipes versions prior to 8.2.8 Description A SQL Injection issue exists that allows exploitation at the contributor level. SQL Injection is a technique where an attacker inserts malicious SQL code into...
CVE-2019-25750
Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...
EUVD-2017-19000
Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with...
CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability
The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...
EUVD-2026-37720
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...
CVE-2026-54187
Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...
WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...
CVE-2026-44172
CVE-2026-44172 affects MariaDB (community fork of MySQL). In versions 3.3.18 and 3.4.8, non-validated user input escaped with mysql_real_escape_string() and sent via text protocol using the big5 character set could be exploited for SQL injection, despite the escaping attempt. The issue has been p...
CVE-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
WordPress plugin Product Filter by WBW SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-42835
Microsoft Teams for Android contains a vulnerability described as improper neutralization of special elements in output used by a downstream component ('injection'), enabling an authorized attacker to disclose information over a network. Affected software: Microsoft Teams for Android. Root cause:...
Nemon Trade Energy和Nemon Trade Energy CRM SQL注入漏洞
Nemon Trade Energy and Nemon Trade Energy CRM are both products of the Spanish company Nemon. Nemon Trade Energy is a platform for managing energy retail businesses. Nemon Trade Energy CRM is a platform for managing energy customer relationships. Both Nemon Trade Energy and Nemon Trade Energy CRM...
EUVD-2026-35043
A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2026-11483
The CVE-2026-11483 entry concerns SourceCodester Class and Exam Timetabling System 1.0. A SQL injection vulnerability exists in an unknown function of the file /archive4.php, triggered by manipulating the argument sy. Exploitation is possible remotely, and the exploit has been publicly released. ...
PT-2026-47263
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...
CVE-2026-7128
A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savetype. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has...