CVE-2026-40352

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privilege...

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

CVE-2026-3023

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...

CVE-2026-3023

CVE-2026-3023 affects the Wakyma web application, specifically the endpoint VetS.wakyma.com/pets/print-tags. The issue is a NoSQL injection (NoSQLi) in a POST request that authenticated users can abuse to inject NoSQL commands, enabling listing of pets and owner names. Multiple connected entries ...

CVE-2026-3022

The CVE-2026-3022 entry concerns the Wakyma web application. A NoSQL injection (NoSQLi) vulnerability exists in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary, where an authenticated user can modify a POST request to inject NoSQL commands and potentially access cust...

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

Wakyma 安全漏洞

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/centro/equipo/empleado. This vulnerability could allow authenticated users to enumerate...

PT-2026-25670

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

Wakyma 安全漏洞

Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/pets/print-tags. This vulnerability could allow authenticated users to list pets and...

Wakyma 安全漏洞

Wakyma is a pet management app developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary. This vulnerability could allow authenticated...

BIT-PARSE-2026-30941 Parse Server has a NoSQL injection via token type in password reset and email verification endpoints

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email verification...

CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...

Bugbounty-Scanner-Suite

Bugbounty Scanner Suite Herramienta todo-en-uno para automati...

EUVD-2025-33715

The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database...

CVE-2025-9053

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publ...

CVE-2024-48573

A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature...

Agentejo Cockpit SQL注入漏洞

Agentejo Cockpit is a self-hosted "headless" and api driven lightweight, open source content management system. A NoSQL injection vulnerability exists in Agentejo Cockpit prior to version 0.11.2. The vulnerability can be exploited to conduct NoSQL injection attacks via the Controller/Auth.php che...