216159 matches found
📄 Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection
Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...
Linux Distros Unpatched Vulnerability : CVE-2026-48842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape...
CVE-2026-42774
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...
CVE-2026-48837
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...
CVE-2026-42773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2...
CVE-2026-42773
CVE-2026-42773 concerns the WordPress plugin eMagicOne Store Manager (versions up to 1.3.2). The connected documents identify a vulnerability of type SQL Injection (specifically a blind SQL injection) in this plugin. Affected component is the Store Manager code path handling SQL commands, with th...
CVE-2026-42773 WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2...
CVE-2026-42774
CVE-2026-42774 affects WordPress JetEngine plugin
CVE-2026-42774 WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...
CVE-2026-48837
CVE-2026-48837: SQL Injection in WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
CVE-2026-48837 WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...
DEBIAN-CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
UBUNTU-CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
EUVD-2026-31719
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
CVE-2026-48842
The CVE affects Roundcube Webmail 1.6.x ≤1.6.15 and 1.7.x ≤1.7.0, via the virtuser_query plugin, where a pre-authentication SQL injection is triggered by a backslash-escaped preg_replace() bypass. Root cause: input crafted to bypass escapes leads to SQL injection before authentication. Impact is ...
CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
CVE-2026-9474
A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...