CVE-2025-15625 Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases...

Exploit for SQL Injection in Wbce Wbce_Cms

CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL...

CVE-2021-27319

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

WordPress plugin CMS Commander SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

phpTransformer 路径遍历漏洞

phpTransformer is a content management system developed by the Lebanese company phpTransformer. The version 2016.9 of phpTransformer has a path traversal vulnerability. This vulnerability stems from an SQL injection vulnerability in the idnews parameter, which could allow remote attackers to...

CVE-2025-52646

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

CVE-2026-31841

Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were...

CVE-2026-31841 Raw exposure of database statements in Hyperterse MCP search tool

Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the SQL function. An attacker can gain unauthorized access to sensitive database content and potentially modify data by sending crafted SQL queries to the /api/query/sql endpoint as a low-privileged user...

CVE-2026-28218

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....

CVE-2026-28218 Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....

CVE-2026-28218 Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....

CVE-2026-28218

CVE-2026-28218 affects Discourse: the Data Explorer plugin has a fail-open access control that lets any authenticated user execute SQL queries without explicit group permissions. Affected versions are prior to 2025.12.2, 2026.1.1, and 2026.2.0. Remediation: upgrade to the patched releases (2025.1...

Discourse 访问控制错误漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that stems from an open Access Control Failure in the Data Explorer plugin,...

IBM Jazz Reporting Service 安全漏洞

The IBM Jazz Reporting Service JRS is a ready-to-use reporting component developed by the American multinational company IBM. This product includes functions such as report generation, data collection, and lifecycle queries. There is a security vulnerability in the IBM Jazz Reporting Service, whi...

CVE-2025-12774

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

PT-2026-2337

Name of the Vulnerable Software and Affected Versions SAP S/4HANA Private Cloud and On-Premise Financials General Ledger affected versions not specified Description The issue stems from inadequate input validation within the SAP S/4HANA Financials General Ledger component. An authenticated user c...