216627 matches found
CVE-2026-34386
Fleet is open source device management software. Before 4.81.0, a SQL injection vulnerability in Fleet’s MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet da...
CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...
CVE-2026-34386
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...
CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...
CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin
Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...
CVE-2026-34385
CVE-2026-34385 affects Fleet open source device management software. A second‑order SQL injection in Fleet’s Apple MDM profile delivery pipeline prior to 4.81.0 could allow a user with a valid MDM enrollment certificate to exfiltrate or modify the Fleet database contents, including user credentia...
CVE-2026-4970 code-projects Social Networking Site Endpoint delete_photos.php sql injection
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file deletephotos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...
CVE-2026-4970
CVE-2026-4970 affects code-projects Social Networking Site 1.0. The vulnerability is SQL injection in the file delete_photos.php (Endpoint component) triggered by manipulating the ID argument. It can be exploited remotely and the exploit is publicly available. The connected CVE records do not pro...
CVE-2026-4970
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file deletephotos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...
CVE-2026-4970 code-projects Social Networking Site Endpoint delete_photos.php sql injection
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file deletephotos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...
CVE-2026-34374 AVideo has SQL Injection in Live_schedule::keyExists() via Unparameterized Stream Key
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Liveschedule::keyExists method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from LiveTransmition::keyExists...
EUVD-2026-16750
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Liveschedule::keyExists method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from LiveTransmition::keyExists...
CVE-2026-34374
CVE-2026-34374 affects WWBN AVideo up to version 26.0. The vulnerability is due to Live_schedule::keyExists() constructing a SQL query by directly interpolating the stream key (unparameterized) when used as a fallback from LiveTransmition::keyExists(), bypassing the parameterized protection. This...
CVE-2026-34374
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Liveschedule::keyExists method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from LiveTransmition::keyExists...
CVE-2026-34374 AVideo has SQL Injection in Live_schedule::keyExists() via Unparameterized Stream Key
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Liveschedule::keyExists method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from LiveTransmition::keyExists...
CVE-2026-4966 itsourcecode Free Hotel Reservation System index.php sql injection
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...
CVE-2026-4966 itsourcecode Free Hotel Reservation System index.php sql injection
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...
CVE-2026-33770
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...
CVE-2025-55270
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
CVE-2026-4876
A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/modamenities/index.php?view=editpic. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit i...