PT-2026-32657

A SQL injection vulnerability exists in the School Management System version 1.0 by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information...

CVE-2026-37594

CVE-2026-37594 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The vulnerability is a SQL Injection in /wfh_attendance/admin/view_employee.php, caused by unsafe SQL handling in that file. The available data identifies the issue but does not provide exploitation deta...

Fortinet FortiManager sqli (FG-IR-26-111)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

Fortinet FortiAnalyzer sqli (FG-IR-26-111)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

SourceCodester Online Employees Work From Home Attendance System 安全漏洞

SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

PT-2026-32694

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests...

CVE-2026-37592

CVE-2026-37592 affects Sourcecodester Storage Unit Rental Management System v1.0. Multiple sources report a SQL injection in /storage/admin/maintenance/manage_pricing.php, indicating an input-related vulnerability in that PHP file. The CVSS metrics provided show a Low severity (base score 2.7) wi...

PT-2026-32633

CVE-2026-37592 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage pricing.php. https://t.co/MgRy57pmLM...

CVE-2026-37591

CVE-2026-37591 affects Sourcecodester Storage Unit Rental Management System v1.0. The vulnerability is an SQL injection in the file /storage/admin/tenants/view_details.php, reported across multiple sources (NVD/EUVD/CVE listings). The available descriptions do not specify the root cause details b...

CVE-2026-37589

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in /storage/admin/maintenance/manage_storage_unit.php. The CVE entry (CVE-2026-37589) is corroborated by multiple sources (NVD, ENISA EUVD, CVE List, AttackersKB, CVE enrichment) indicating a SQL injection fl...

Fortinet多款产品 SQL注入漏洞

Fortinet FortiOS are products of the American company Fortinet. Fortinet FortiOS is a security operating system specifically designed for the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiProxy is a secure network...

PT-2026-32914

CVE-2026-33714 Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an inc… https://t.co/Zf7eLCVgfW...

CVE-2026-37593

CVE-2026-37593 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The connected sources indicate a SQL Injection vulnerability in the file /wfh_attendance/admin/view_att.php. The CVE record provides a LOW severity (CVSSv3.1 base score 2.7) with attack vector NETWORK an...

EUVD-2026-22069

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVE-2026-32271

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...

CVE-2026-32272

Craft Commerce (Craft CMS) 5.0.0–5.5.4 contains an SQL injection in ProductQuery::hasVariant and VariantQuery::hasProduct that bypass the input sanitization blocklist in ElementIndexesController, re-introduced by using Craft::configure() on a subquery without sanitization. An authenticated contro...

CVE-2026-32272

Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fi...

CVE-2026-32272 Craft Commerce: Blind SQL Injection via hasVariant/hasProduct

Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fi...

CVE-2026-32271

CVE-2026-32271 affects Craft Commerce (Craft CMS) in versions 4.0.0–4.10.2 and 5.0.0–5.5.4, where an SQL injection in the Commerce TotalRevenue widget allows any authenticated control panel user to achieve remote code execution. The exploit involves unsanitized widget settings interpolated into S...

CVE-2026-32271 Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...