WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

CVE-2026-8443

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

PT-2026-50179

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...

CVE-2026-48599

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

EUVD-2026-36926

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

EUVD-2026-36910

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

EUVD-2026-36762

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

CVE-2026-52693

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

CVE-2026-49067

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

CVE-2026-42665

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

CVE-2026-39492

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

EUVD-2026-36903

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

EUVD-2026-36900

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

EUVD-2026-36874

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

CVE-2026-48874

The CVE documents an SQL Injection in WordPress GamiPress plugin versions