CVE-2026-44923

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

SQL Injection

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to SQL Injection via PdoAdapter::doClear method. An attacker can influence SQL query to expand deletion scope or perform arbitrary actions by...

SQL Injection

Overview symfony/cache is a cache component provides an extended PSR-6 implementation for adding cache to your applications. Affected versions of this package are vulnerable to SQL Injection via PdoAdapter::doClear method. An attacker can influence SQL query to expand deletion scope or perform...

CVE-2026-42383

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin PowerPress Podcasting versions = 11.15.10...

CVE-2026-9065

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-9059

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

CVE-2026-9065 Surecart - SQL Injection

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-9065

SureCart

CVE-2026-9059

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

CVE-2026-9059 NextGEN Gallery - SQL Injection

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

Astra Linux - уязвимость в pgbouncer

When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1...

Astra Linux - уязвимость в libpgjava

pgjdbc, the PostgreSQL JDBC Driver, allows attackers to inject SQL statements if the PreferQueryMode=SIMPLE setting is used. Note that this is not the default setting. In the default mode, there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus sign...

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. Methods like QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are vulnerable to SQL injection when column aliases are used, especially when a properly crafted dictionary is passed...

Astra Linux - уязвимость в php7.3, php8.1

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, and 8.2. before 8.2.2, when using the PDO::quote function to quote user-supplied data for SQLite, providing an overly long string may cause the driver to incorrectly quote the data. This can further lead to SQL injection vulnerabilities...

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

SOC-Alert-Investigation-Portfolio

SOC Alert Investigation Portfolio This repository contains pr...

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

EUVD-2026-31044

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...