Lucene search

216510 matches found

OSV
added 2026/04/23 2:12 p.m. | 5 views

GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Attack type: Authenticated remote. Impact: Telemetry data disclosure and deletion. Affected components: openc3-tsdb QuestDB. A SQL injection vulnerability exists in the Time-Series Database...

CVSS 9.6 | AI score 6.2 | EPSS 0.00323
Exploits: 1 | References: 6

Snyk
added 2026/04/23 2:12 p.m. | 4 views

SQL Injection

Overview: openc3 is a Python support for OpenC3 COSMOS. Affected versions of this package are vulnerable to SQL Injection via the query construction in the TSDB access code. An attacker can execute arbitrary TSDB queries by supplying crafted starttime, endtime, or column/table-related values that a...

CVSS 9.6 | AI score 6.1 | EPSS 0.00323
Exploits: 1 | References: 2

Cvelist
added 2026/04/23 1:44 p.m. | 35 views

CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

CVSS 9.8 | EPSS 0.00972
Exploits: 2 | References: 3

CVE
added 2026/04/23 1:44 p.m. | 22 views

CVE-2026-41460

CVE-2026-41460 (SocialEngine) affects SocialEngine versions 7.8.0 and earlier, with a SQL injection in the /activity/index/get-memberall endpoint. User input passed via the text parameter is not sanitized before being used in a SQL query. An unauthenticated remote attacker can read arbitrary data...

CVSS 9.8 | AI score 6.3 | EPSS 0.00972
Exploits: 2 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/04/23 1:44 p.m. | 3 views

CVE-2026-41460

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

CVSS 9.8 | AI score 6.3 | EPSS 0.00972
Exploits: 2 | References: 4

Vulnrichment
added 2026/04/23 1:44 p.m. | 1 views

CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

CVSS 9.8 | AI score 6.5 | EPSS 0.00972
Exploits: 2 | References: 3

CVE
added 2026/04/23 9:30 a.m. | 9 views

CVE-2026-6887

The CVE-2026-6887 entry concerns Borg SPM 2007 (BorG Technology Corporation). The connected sources describe a SQL Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. The vulnerability impact is descr...

CVSS 9.8 | AI score 6 | EPSS 0.00358
Exploits: 0 | References: 2

GithubExploit
added 2026/04/23 9:8 a.m. | 82 views

web-vulnerability-scanner

web-vulnerability-scanner This Reposito...

AI score 5.8
Exploits: 0

Japan Vulnerability Notes
added 2026/04/23 7:57 a.m. | 4 views

CMS ALAYA vulnerable to SQL injection

Overview: CMS ALAYA provided by KANATA Limited contains the following vulnerability: SQL injection (CWE-89) - CVE-2026-40529. Naoto Senda of Five Drive Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

CVSS 5.1 | AI score 5.2 | EPSS 0.00161
Exploits: 0 | References: 4

EUVD
added 2026/04/23 6:30 a.m. | 4 views

EUVD-2026-25184

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

CVSS 5.1 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 2

GithubExploit
added 2026/04/23 5:15 a.m. | 104 views

hangover-ctf-wolfpack-deals

🎰 The Hangover CTF — Machine 1: Wolfpack Deals "What happe...

CVSS 8.8 | AI score 7.1 | EPSS 0.43988
Exploits: 27

Vulnrichment
added 2026/04/23 4:15 a.m. | 3 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

CVSS 5.1 | AI score 5.7 | EPSS 0.00161
Exploits: 0 | References: 1

Cvelist
added 2026/04/23 4:15 a.m. | 29 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

CVSS 5.1 | EPSS 0.00161
Exploits: 0 | References: 1

SUSE CVE
added 2026/04/23 1:23 a.m. | 5 views

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9 | AI score 5.9 | EPSS 0.00274
Exploits: 0 | References: 3

VulnCheck KEV
added 2026/04/23 12:0 a.m. | 7 views

VulnCheck KEV: CVE-2025-67945

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection. This issue affects MailerLite – WooCommerce integration: from n/a through = 3.1.2...

CVSS 9.3 | AI score 5.5 | EPSS 0.0038
In wild | Exploits: 0 | References: 3

Positive Technologies
added 2026/04/23 12:0 a.m. | 7 views

PT-2026-34636

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

CVSS 5.1 | AI score 5.7 | EPSS 0.00161
Exploits: 0 | References: 2

Packet Storm
added 2026/04/23 12:0 a.m. | 97 views

📄 SocialEngine 7.8.0 SQL Injection

SocialEngine versions 7.8.0 and below suffer from a remote SQL injection vulnerability. User input passed through the text request parameter to the /activity/index/get-memberall endpoint is not properly sanitized before being used to construct an SQL query...

CVSS 9.8 | AI score 5.8 | EPSS 0.00972
Exploits: 2

CVE
added 2026/04/23 12:0 a.m. | 5 views

CVE-2025-50229

CVE-2025-50229 affects Jizhicms v2.5.4 with a SQL injection vulnerability in the product editing module. The CVSS 3.1 vector indicates high impact on confidentiality, integrity, and availability (base score 9.8; network, low attack complexity, no privileges required, no user interaction). The con...

CVSS 9.8 | AI score 5.8 | EPSS 0.00359
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2026/04/23 12:0 a.m. | 13 views

Rocket.Chat SQL Injection Vulnerability

Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions prior to 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9 have a SQL injection vulnerability. This vulnerability stems from NoSQL injection and could lead to the takeover of the first user account with a...

CVSS 9.8 | AI score 5.9 | EPSS 0.00416
Exploits: 0 | References: 1

Cvelist
added 2026/04/23 12:0 a.m. | 30 views

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

EPSS 0.00359
Exploits: 1 | References: 4