PT-2026-50179

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...

CVE-2026-48599

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

EUVD-2026-36926

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

EUVD-2026-36910

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

EUVD-2026-36762

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

CVE-2026-52693

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

CVE-2026-49067

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

CVE-2026-42665

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

CVE-2026-39492

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

EUVD-2026-36903

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

EUVD-2026-36900

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

EUVD-2026-36874

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

CVE-2026-48874

The CVE documents an SQL Injection in WordPress GamiPress plugin versions

CVE-2026-42665 WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

EUVD-2026-36811

Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...