Lucene search

1146 matches found

CNNVD
added 2026/04/26 12:0 a.m., 7 views

coze-studio injection vulnerability

Coze-Studio is an open-source one-stop AI intelligent agent development tool developed by Coze-Dev. Versions of Coze-Studio prior to 0.5.1 had an injection vulnerability. This vulnerability stems from the ExecuteSQL operation in the databaseTool component’s file...

CVSS 8.8, AI score 6.7, EPSS 0.00365
Exploits: 1, References: 2

CNNVD
added 2026/04/26 12:0 a.m., 7 views

yu-picture injection vulnerability

Yu-Picture is an intelligent cloud image library platform developed by Liyupi’s individual developers, designed for team collaboration. Yu-Picture has a vulnerability related to injection attacks. This vulnerability stems from improper handling of the sortField parameter in the PageRequest functi...

CVSS 7.5, AI score 7.2, EPSS 0.00263
Exploits: 0, References: 1

Github Security Blog
added 2026/04/22 5:38 p.m., 5 views

Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API

Summary: The /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed authenticated users with any valid session to inject arbitrary S...

CVSS 8.3, AI score 5.9, EPSS 0.00345
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2026/04/20 12:0 a.m., 6 views

EcclesiaCRM security vulnerability

EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM 8.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the custom parameter in the...

CVSS 6.5, AI score 6.7, EPSS 0.00196
Exploits: 0, References: 1

Positive Technologies
added 2026/04/16 12:0 a.m., 5 views

PT-2026-33222

Name of the Vulnerable Software and Affected Versions: MuPDF mutool (affected versions not specified). Description: MuPDF mutool fails to sanitize PDF metadata fields before writing them to terminal output. This allows the injection of arbitrary ANSI escape sequences—codes used to control terminal...

CVSS 4.8, AI score 5.9, EPSS 0.00166
Exploits: 0, References: 14

EUVD
added 2026/04/14 6:30 p.m., 5 views

EUVD-2026-22561

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally...

CVSS 6.7, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 2

Snyk
added 2026/04/14 1:8 a.m., 4 views

LDAP Injection

Overview: mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to LDAP Injection through the Ldap authentication handler in mitmproxy/addons/proxyauth.py. An attacker can...

CVSS 8.3, AI score 5.8, EPSS 0.00166
Exploits: 1, References: 2

Vulnrichment
added 2026/04/13 3:49 p.m., 3 views

CVE-2026-34186 SQL Injection in Custom Fields leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7, AI score 5.9, EPSS 0.00249
Exploits: 0, References: 1

Positive Technologies
added 2026/04/12 12:0 a.m., 1 view

PT-2026-32169

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

CVSS 7.1, AI score 6.2, EPSS 0.00269
Exploits: 1, References: 5

GithubExploit
added 2026/04/11 7:13 p.m., 72 views

Exploit for SQL Injection in Devcode Openstamanager

CVE-2025-69215: OpenSTAManager has an SQL Injection in the Sta...

CVSS 8.8, AI score 6, EPSS 0.00374
Exploits: 3

NVD
added 2026/04/10 3:16 p.m., 2 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

CVSS 8.8, EPSS 0.00401
Exploits: 0, References: 2

CVE
added 2026/04/10 3:15 a.m., 7 views

CVE-2026-6007

Affected product: itsourcecode Construction Management System 1.0. Vulnerability: SQL injection in /del.php via the equipname parameter. Impact/ability to exploit: Remote attacker execution possible; exploit publicly available. The CVE record provides no vendor-specific patch or remediation detai...

CVSS 6.5, AI score 6.5, EPSS 0.00196
Exploits: 0, References: 5

Cvelist
added 2026/04/10 2:30 a.m., 31 views

CVE-2026-6004 code-projects Simple IT Discussion Forum delete-category.php sql injection

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

CVSS 7.5, EPSS 0.00254
Exploits: 0, References: 5

CNNVD
added 2026/04/10 12:0 a.m., 3 views

PHP MySQL User Signup Login System security vulnerability

PHP MySQL User Signup Login System is a MySQL registration and login system developed by Keerti Vishwkarma. Version 1.0 of the PHP MySQL User Signup Login System has a security vulnerability. This vulnerability stems from a flaw in the username parameter used in the login.php file, which may lead...

CVSS 9.8, AI score 5.8, EPSS 0.00319
Exploits: 0, References: 2

EUVD
added 2026/04/07 3:30 p.m., 1 view

EUVD-2026-19632

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of...

CVSS 6.4, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 3

NVD
added 2026/04/05 9:16 p.m., 1 view

CVE-2019-25690

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

CVSS 8.8, EPSS 0.00311
Exploits: 1, References: 4

Cvelist
added 2026/04/05 8:45 p.m., 18 views

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify...

CVSS 8.8, EPSS 0.00311
Exploits: 1, References: 4

NVD
added 2026/04/05 5:16 a.m., 2 views

CVE-2026-5543

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...

CVSS 6.5, EPSS 0.00196
Exploits: 0, References: 5

Positive Technologies
added 2026/04/05 12:0 a.m., 1 view

PT-2026-30504

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter user mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...

CVSS 8.8, AI score 6, EPSS 0.00311
Exploits: 1, References: 5

Positive Technologies
added 2026/04/05 12:0 a.m., 6 views

PT-2026-30496

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu lev1 parameter to extract sensitive...

CVSS 8.8, AI score 6, EPSS 0.00338
Exploits: 1, References: 5