216327 matches found
web-vuln-scanner
🔍 WebVulnScanner v1.0 A production-grade, async Python web...
CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection
A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...
CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection
A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...
CVE-2026-6978
A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...
CLSA-2026-1777051819 openldap: Fix of 2 CVEs
CVE-2022-29155: fix a SQL injection vulnerability in the back-sql backend to slapd - CVE-2021-27212: fix denial of service daemon exit via a short timestamp if slapd is used...
SafeVault
SafeVault - Security and Authentication Capstone Project A pr...
PT-2026-35177
A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get message ajax.php of the component Private Message Handler. Executing a manipulation of the argument c id can lead to sql injection. It is possible to launch the...
PT-2026-35164
A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...
CVE-2026-41478
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
EUVD-2026-25633
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-41478
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-41478
CVE-2026-41478 summary (Saltcorn). Saltcorn prior to 1.4.6, 1.5.6, and 1.6.0-beta.5 contains a SQL injection in the mobile-sync endpoints that can be triggered by an authenticated, low-privilege user with read access to at least one table. The vulnerability allows injection of arbitrary SQL via s...
GHSA-R75F-5X8P-QVMC LiteLLM has SQL Injection in Proxy API key verification
Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...
LiteLLM has SQL Injection in Proxy API key verification
Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...
SQL Injection
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to SQL Injection via the token lookup query in the combined view path. An attacker can extract or manipulate records by supplying a crafted token value that is interpolated...
IMF-1-walkthrough
IMF: 1 — Boot2Root Walkthrough Platform: VulnHub Diff...
Black-Oracle
🖤 BLACK ORACLE 🖤 «The Eye That Sees Through Digital...
darkmarket-vuln-lab
🕶️ Dark Market Simulator An intentionally vulnerable CTF-...
CVE
Vulnerability Report: Unauthenticated SQL Injection in Hospita...