WordPress plugin ARMember Premium SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

DesDev DedeCMS SQL注入漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection...

Debian dsa-6313 : dovecot-auth-lua - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6313 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6313-1 [email protected]...

itsourcecode Fees Management System SQL注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Version 1.0 of the itsourcecode Fees Management System has a SQL injection vulnerability. This vulnerability arises from manipulating the parameter ID in the file /managefee.php, which may...

itsourcecode Fees Management System SQL注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Version 1.0 of the itsourcecode Fees Management System has a SQL injection vulnerability. This vulnerability arises from manipulating the parameter ID in the file /managepayment.php, which...

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

CVE-2026-49490

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability in the egeq.php endpoint, exploitable by an authenticated user via the egeqIdEquipe parameter in GET requests to execute arbitrary SQL and extract sensitive database information (including version details). This aligns with the CVSS metrics ...

CVE-2018-25430 Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2026-10286

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

EUVD-2026-33756

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

EUVD-2026-33719

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to...

EUVD-2026-33715

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

CVE-2026-45545

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

CVE-2026-ThreemaWeb-PrototypePollution

CVE-2026-XXXXX: Threema Web Prototype Pollution via URI Query...

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

CVE-2026-10262

A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...

EUVD-2026-33645

A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manageproduct.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made...