CVE-2026-24155
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2026-49772 WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
EUVD-2026-37049
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions <= 12.6.8...
My Calendar WordPress Plugin - Information Disclosure
My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parse_str in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switch_to_blog, exploit requires WordPress Multisite or Single Site setup. id:...
Online Event Booking and Reservation System 2.3.0 - SQL Injection
Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
WordPress JobWP Plugin <= 2.3.9 - SQL Injection
The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
Leantime < 2.4 - Authenticated SQL Injection
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
rConfig 3.9 - SQL Injection
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. id: CVE-2020-10220 info: name: rConfig 3.9 - SQL Injection author: ritikchaddha,theamanrawat severity: critical description: | An issue was discovered i...
Academy Learning Management System <5.9.1 - Cross-Site Scripting
Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
EUVD-2026-36960
Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...
CVE-2026-40771
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
CVE-2026-52700 WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions...
CVE-2026-49776 WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions...
CVE-2026-48874 WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability
Subscriber SQL Injection in GamiPress <= 7.8.7 versions...
CVE-2026-42687
The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...
CVE-2026-42386
The CVE-2026-42386 entry concerns the WordPress Order Delivery Date for WooCommerce plugin (versions
CVE-2026-39530
CVE-2026-39530 involves the WordPress plugin SpeakOut! Email Petitions, affecting versions
CVE-2026-39493
CVE-2026-39493 : The WordPress plugin Simply Schedule Appointments (versions