EUVD-2026-17733

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVE-2025-13855 IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13855

IBM Storage Protect Server/IBM Storage Protect Plus Server (version 8.2.0) are affected by a SQL injection vulnerability (CVE-2025-13855) arising from lack of validation of externally supplied SQL statements. An attacker could remotely send crafted SQL to view, add, modify, or delete data in the ...

CVE-2025-13855 IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2026-5238

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVE-2026-30273

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a SQL...

Joomla! CMS SQL注入漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a SQL injection vulnerability, which stems from improper construction of the order clause. This vulnerability may lead to SQL injection attacks at the articles webservice endpoint...

PT-2026-29475

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit...

itsourcecode Payroll Management System SQL注入漏洞

itsourcecode Payroll Management System is an open-source payroll management system developed by itsourcecode. Version 1.0 of the itsourcecode Payroll Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the...

WordPress plugin Booking for Appointments and Events Calendar - Amelia SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

IBM Storage Protect Server SQL注入漏洞

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

PT-2026-29592

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort by query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application...

VulnCheck KEV: CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

VulnCheck KEV: CVE-2022-3254

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...

Hi.Events SQL注入漏洞

Hi.Events is an open-source event ticketing and management platform developed by Hi.Events. Versions of Hi.Events from 0.8.0-beta.1 to 1.7.1-beta contained a SQL injection vulnerability. This vulnerability occurred because multiple repository classes directly passed the sortby query parameter...

Fortinet FortiClient EMS 7.4.4 SQLi (FG-IR-25-1142)

The version of Fortinet FortiClient EMS installed on the remote host is 7.4.4. It is, therefore, affected by a SQL injection vulnerability: - An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in FortiClientEMS 7.4.4 may allow an unauthenticated...

CVE-2026-5238

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVE-2026-5238

Affects itsourcecode Payroll Management System 1.0. The vulnerability exists in the Parameter Handler’s view_employee.php, where manipulating the ID parameter leads to SQL injection. This is a remote exploit with public proof-of-concept; CVSS metrics indicate high impact (network access, no authe...

SUSE CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...