25567 matches found
CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic (CVE-2025-36122)
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to AUTOMATIClimit. Vulnerability Details CVEID:CVE-2025-36122 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial...
EUVD-2026-23258
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...
EUVD-2026-23239
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
EUVD-2026-22897
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...
CVE-2026-5785
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-5785
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-5785
The CVE-2026-5785 issue affects Zohocorp ManageEngine PAM360 (versions before 8531) and ManageEngine Password Manager Pro (versions 8600 to 13230). The vulnerability is an Authenticated SQL injection in the query report module, allowing an attacker with LOW privileges and no user interaction to t...
CVE-2026-5785 SQL Injection
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-5785 SQL Injection
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
SUSE-SU-2026:21208-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...
OPENSUSE-SU-2026:20554-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...
EUVD-2026-23223
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2026-3489 DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CLEANSTART-2026-SU44499 net/url package does not set a limit on the number of query parameters in a query
Multiple security vulnerabilities affect the promxy package. The net/url package does not set a limit on the number of query parameters in a query. See references for individual vulnerability details...
WordPress plugin Accessibility Suite by Ability, Inc 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
CVE-2026-37343
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...
PT-2026-33327
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Music Cloud Community System version 1.0 Description SQL Injection is possible in the file '/music/view playlist.php'. Recommendations At the moment, there is no information about a newer version that contains a fix for...
WordPress plugin DirectoryPress – Business Directory And Classified Ad Listing 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
CVE-2026-37345
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managepark.php...