VulnCheck KEV: CVE-2025-67945

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through = 3.1.2...

JIZHICMS 安全漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.4 of JIZHICMS contains a security vulnerability, which stems from the product’s editing module being vulnerable to SQL injection attacks...

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

PT-2026-34666

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

CVE-2025-50229

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

CVE-2025-50229

CVE-2025-50229 affects Jizhicms v2.5.4 with a SQL injection vulnerability in the product editing module. The CVSS 3.1 vector indicates high impact on confidentiality, integrity, and availability (base score 9.8; network, low attack complexity, no privileges required, no user interaction). The con...

Rocket.Chat SQL注入漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions prior to 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9 have a SQL injection vulnerability. This vulnerability stems from NoSQL injection and could lead to the takeover of the first user account with a...

📄 SocialEngine 7.8.0 SQL Injection

SocialEngine versions 7.8.0 and below suffer from a remote SQL injection vulnerability. User input passed through the text request parameter to the /activity/index/get-memberall endpoint is not properly sanitized before being used to construct an SQL query...

PT-2026-34636

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

PT-2026-34652

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

📄 Ghost CMS 6.19.0 SQL Injection

This is a Metasploit auxiliary module targeting a blind, unauthenticated SQL injection vulnerability in the Ghost CMS Content API that affects versions 3.24.0 through 6.19.0...

Web-Application-Pentest-Report

Web-Application-Pentest-Report OWASP methodology penetration t...

CVE-2026-41167

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via POST /api/getUserDetai...

SQL Injection

Overview github.com/jackc/pgx/v5 is a pure Go driver and toolkit for PostgreSQL Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is interpreted...

SQL Injection

Overview github.com/jackc/pgx/internal/sanitize is a PostgreSQL driver and toolkit Affected versions of this package are vulnerable to SQL Injection when using the simple protocol with dollar quoted string literals. An attacker can execute arbitrary SQL commands by crafting input that is...

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...

CVE-2026-41167

Jellystat prior to 1.1.10 exposes SQL injection via POST /api/getUserDetails and POST /api/getLibrary, where unsanitized request-body fields are interpolated into raw SQL. This allows an authenticated user to read any table (including app_config) and, due to node-postgres simple query usage, enab...

CVE-2026-41167 Jellystat has SQL Injection that leads to to Remote Code Execution

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via POST /api/getUserDetai...

CVE-2026-41167

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via POST /api/getUserDetai...