8417 matches found
CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-55635
DataEase contains an authenticated SQL injection in chart quota filters prior to version 2.10.24. The vulnerability arises when quota and Y-axis filters embed attacker-controlled values directly into generated SQL within Quota2SQLObj.getYWheres(), without applying the SQL literal validation and e...
GO-2026-5837 Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph
Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph...
PYSEC-2026-1151 Apache Airflow MySQL Provider is Vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dumpsql or loadsql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not...
SQL Injection
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to SQL Injection through the SQLChatAgent process. An attacker can access arbitrary files on the server by crafting SQL queries that bypass the regex-based blocklist using quoted...
WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Kirki versions = 6.0.12...
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
EUVD-2026-41822
Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
EUVD-2026-41809
A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is...
EUVD-2026-41786
A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2026-14772
CVE-2026-14772 affects SourceCodester Class and Exam Timetabling System 1.0/1.php. The vulnerability is a SQL injection in the edit_course1.php file, triggered by manipulating the ID parameter, indicating an unsafe query construction in that function. The issue is exploitable remotely and the pub...
CVE-2026-14771 SourceCodester Class and Exam Timetabling System edit_exam1.php sql injection
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /editexam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-14768
A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...
CVE-2026-14766 CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection
A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...
CVE-2026-14764 code-projects Hotel and Tourism Reservation Event Management add_event.php sql injection
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...
CVE-2026-14754
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...
EUVD-2026-41760
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...
CVE-2026-14750 mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection
A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...
EUVD-2026-41750
A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...
CVE-2026-14743
CVE-2026-14743 affects the code-projects Real State Services 1.0. The vulnerability is a SQL injection in an unknown function of the file /normalHomeSale.php triggered by manipulating the loc argument. Exploitation can be performed remotely, and public exploit code is available. The provided docu...