Security update for php8

This update for php8 fixes the following issues CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...

SUSE-SU-2026:2037-1 Security update for php8

This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776. -...

WordPress Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin <= 1.6.9 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Creative Mail versions = 1.6.9...

WordPress Infility Global plugin < 2.15.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Infility Global versions 2.15.21...

Exploit for CVE-2026-9082

CVE-2026-9082 — Drupal Core PostgreSQL SQL Injection PoC...

Flattening of vulnerability issues within the Drupal core

Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in the Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...

CVE-2026-44047 SQL injection in MySQL CNID backend

An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service...

Exploit for CVE-2026-9082

CVE-2026-9082 Type: SQL Injection CWE-89 Affected Pr...

psqli

psqli Powerfull Automatic Sql injection Tools Pack Fast...

PT-2026-42514

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db loader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database witho...

PT-2026-42509

Name of the Vulnerable Software and Affected Versions Open ISES Tickets versions prior to 3.44.2 Description An issue exists in the 'tables.php' endpoint where multiple POST parameters, specifically tablename, indexname, and sortby, are concatenated into table or column identifiers within...

PT-2026-42512

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics...

PT-2026-42516

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

PT-2026-42510

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read,...

Netatalk SQL注入漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a SQL injection vulnerability. This vulnerability stems from the MySQL CNID backend’s SQL...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in tables.php—tablename, indexname, and sortby—which were...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the sort and dir GET parameters into the ORDER BY clause in...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in the dbloader.php file—ticketsdb, ticketshost, ticketsuser, a...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the POST parameter tickid being directly concatenated into the WHERE clause of the SELEC...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the POST parameters frmticketid and frmrespid were directly concatenated...