PT-2026-28692

Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0 Description A flaw exists in itsourcecode Free Hotel Reservation System version 1.0 that may allow for SQL injection. The issue is located in the file /admin/mod room/index.php?view=edit...

CVE-2026-30532

CVE-2026-30532 describes a SQL Injection vulnerability in SourceCodester Online Food Ordering System v1.0, exposed via the admin/view_product.php file when using the id parameter. The vulnerability is documented as affecting the admin view_Product flow, with the root cause being unsafe constructi...

PT-2026-28626

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet is open source device management software susceptible to a second-order SQL injection in its Apple MDM profile delivery pipeline. An attacker possessing a valid MDM enrollment certificate could...

PT-2026-28627

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet is open source device management software susceptible to a SQL injection issue in its MDM bootstrap package configuration. An authenticated user possessing Team Admin or Global Admin privileges...

MingSoft MCMS 安全漏洞

MingSoft MCMS is a fully open-source J2EE system developed by MingSoft Corporation. Versions of MingSoft MCMS 5.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the net/mingsoft/cms/action/web/ContentAction.java file, which may lead to SQL...

CVE-2026-30533

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...

SourceCodester Online Food Ordering System 安全漏洞

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the saveuser operation in the Actions.php file,...

CVE-2026-30533

CVE-2026-30533 targets SourceCodester Online Food Ordering System v1.0. The vulnerability is a SQL Injection in admin/manage_product.php via the id parameter. Reported metrics show CVSS v3.1 base score 9.8 (CRITICAL, NETWORK vector, no user interaction). Affected component: admin/manage_product.p...

CVE-2026-30530

CVE-2026-30530 is a SQL Injection flaw in SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_customer) where the username input is not properly sanitized. The issue, confirmed by NVD and corroborated by Red Hat, ENISA EUVD, CNNVD, CNNVD mirrors, and other feeds, al...

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

CVE-2026-4825

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /updatesales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

CVE-2026-33909

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVE-2026-33910

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

EUVD-2026-16305

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

CVE-2026-33545

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...

CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...

CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...