CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

CVE-2026-10235

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stockmanager.php. This manipulation of the argument txtsearchcategory causes sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

CVE-2026-6628

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

CVE-2026-8772

A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for...

CVE-2026-8114

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2026-7206

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-7074

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the publi...

CVE-2026-7199

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deleteproduct. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the atta...

CVE-2026-5814

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-10260

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2026-10704

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/adminclassnovo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack ca...

CVE-2026-9575

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit h...

CVE-2026-6151

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2026-6167

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-6161

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-8083

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVE-2026-8133

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

CVE-2026-40850

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40813

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...