130 matches found
PT-2026-22967
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
GHSA-XXH2-68G9-8JQR ormar is vulnerable to SQL Injection through aggregate functions min() and max()
Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...
CVE-2026-2093
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2236
C@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2235
C@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2093
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2096
CVE-2026-2096 (Flowring Agentflow) : The vulnerability is a Missing Authentication issue in Agentflow by Flowring that allows unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. Reported impact is high/critical (CVSS v4.0 base 9.3 with...
CVE-2026-2093
Docpedia (Flowring) has an unauthenticated SQL Injection vulnerability that allows remote attackers to inject arbitrary SQL to read database contents. The issue is triggered via unauthenticated access and can lead to leakage of confidential data (CVE-2026-2093). CVSS metrics provided indicate hig...
CVE-2026-2093 Flowring|Docpedia - SQL Injection
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
Flowring Agentflow 安全漏洞
Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a security vulnerability that stems from the lack of authentication. This vulnerability could allow unverified remote attackers to read, modify, and delete...
PT-2026-7269
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database through this flaw. Recommendations...
CVE-2026-2236
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-2236
CVE-2026-2236 affects C&Cm@il by HGiga. The provided documents describe an unauthenticated SQL Injection in the web application that enables reading database contents. No explicit root-cause details or affected versions are given beyond the product name. Exploitation status is not detailed beyond...
CVE-2026-2235
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
PT-2026-7079
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
PT-2026-7078
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-15238
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-15239
CVE-2025-15239 concerns the QOCA aim AI Medical Cloud Platform from Quanta Computer. The connected sources confirm a SQL Injection vulnerability that enables authenticated remote attackers to inject arbitrary SQL commands to read database contents. The available metrics indicate CVSS v3.1 base sc...
EUVD-2026-0901
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-15238 Quanta Computer|QOCA aim AI Medical Cloud Platform - SQL Injection
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...