Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to SQL Injection vulnerability in Dashboard UI (CVE-2025-36368)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed SQL Injection vulnerability Vulnerability Details CVEID:CVE-2025-36368 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to SQL injection. An administrative user could send special...

WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.8.1...

CVE-2026-7447

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVE-2026-7447

SourceCodester Pet Grooming Management Software 1.0 contains a SQL injection in /admin/update_customer.php due to improper validation of parameter types/length/business rules. The flaw is exploitable remotely, with the exploit reportedly published. Affected software/component: SourceCodester Pet ...

EUVD-2026-26303

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVE-2026-7447

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

PT-2026-36031

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

PT-2026-36186

Name of the Vulnerable Software and Affected Versions SSCMS version 7.4.0 Description An issue exists in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. This allows attackers to submit encrypted payloads to...

VulnCheck KEV: CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

IBM Langflow Desktop SQL注入漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.6.0 to 1.8.4 of IBM Langflow Desktop contain a SQL injection vulnerability. This vulnerability stems from stored cross-site scripting, allowing authenticated users to inject arbitrary JavaScrip...

SQL Injection

Overview ckan is a world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu but also regional, research and community organizations. It makes easy to publish, share and find data online a...

GHSA-H7J7-3RX6-XVCG CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

CVE-2026-7410

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2026-7408

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

EUVD-2026-26292

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2026-7410

CVE-2026-7410 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability is in /admin/ajax.php?action=add_to_cart, where manipulating the pid parameter causes an SQL injection. The exploit is publicly disclosed and the CVSS metrics indicate medium severity (base scores ~5.3–6.5) with ...

CVE-2026-7410

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2026-7410 SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

n8n has SQL Injection in SeaTable Node

Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...

n8n has SQL Injection in Oracle Database Node via Limit Field

Impact A flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field e.g., fr...