216214 matches found

RedhatCVE
added 2026/04/29 2:49 p.m. | 2 views

CVE-2026-7077

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /editparcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...

CVSS 7.5 | AI score 7.3 | EPSS 0.00254
Exploits 0 | References 1

RedhatCVE
added 2026/04/29 2:49 p.m. | 2 views

CVE-2026-7072

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

CVSS 7.5 | AI score 7.3 | EPSS 0.00254
Exploits 0 | References 1

RedhatCVE
added 2026/04/29 2:48 p.m. | 1 views

CVE-2026-40745

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection. This issue affects Element Pack Elementor Addons: from n/a through <= 8.4.2...

CVSS 7.6 | AI score 5.6 | EPSS 0.00236
Exploits 0 | References 1

Patchstack
added 2026/04/29 2:9 p.m. | 5 views

WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JoomSport versions <= 5.7.7...

AI score 5.9 | EPSS 0.01304
Exploits 1 | Affected Software 1

NVD
added 2026/04/29 12:16 p.m. | 3 views

CVE-2026-42646

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: from n/a through <= 3.44.0...

CVSS 7.6 | EPSS 0.00231
Exploits 0 | References 1

Cvelist
added 2026/04/29 10:40 a.m. | 32 views

CVE-2026-42646 WordPress TaxoPress plugin <= 3.44.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: from n/a through <= 3.44.0...

CVSS 7.6 | EPSS 0.00231
Exploits 0 | References 1

ATTACKERKB
added 2026/04/29 10:40 a.m. | 2 views

CVE-2026-42646

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: from n/a through <= 3.44.0...

CVSS 7.6 | AI score 5.5 | EPSS 0.00231
Exploits 0 | References 2

NVD
added 2026/04/29 9:16 a.m. | 1 views

CVE-2026-3325

SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used...

CVSS 10 | EPSS 0.00267
Exploits 0 | References 1

Cvelist
added 2026/04/29 8:37 a.m. | 23 views

CVE-2026-3325 SQL injection in MegaCMS by CRM Sistemas de Fidelización

SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used...

CVSS 10 | EPSS 0.00267
Exploits 0 | References 1

EUVD
added 2026/04/29 8:37 a.m. | 2 views

EUVD-2026-26199

SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used...

CVSS 10 | AI score 6.2 | EPSS 0.00267
Exploits 0 | References 1

CVE
added 2026/04/29 8:37 a.m. | 10 views

CVE-2026-3325

MegaCMS v12.0.0 is affected by a SQL injection in the /web_comunications/cms/get_provincias endpoint, via the POST parameter id_territorio after the registration form submission. The vulnerability stems from insufficient validation/sanitisation of user input, allowing an unauthenticated attacker ...

CVSS 10 | AI score 6.2 | EPSS 0.00267
Exploits 0 | References 1

The Hacker News
added 2026/04/29 5:34 a.m. | 14 views

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as...

CVSS 9.8 | AI score 6.2 | EPSS 0.93107
Exploits 6

RedhatCVE
added 2026/04/29 12:59 a.m. | 2 views

CVE-2026-22336

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Directorist Booking allows SQL Injection. This issue affects Directorist Booking: from n/a before 3.0.2...

CVSS 9.3 | AI score 5.6 | EPSS 0.00283
Exploits 0 | References 1

CNNVD
added 2026/04/29 12:0 a.m. | 6 views

CRM Sistemas MegaCMS SQL injection vulnerability

CRM Sistemas MegaCMS is a content management system provided by CRM Sistemas, which offers features for creating and managing website content. Version 12.0.0 of CRM Sistemas MegaCMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation and cleaning of user input...

CVSS 10 | AI score 6.1 | EPSS 0.00267
Exploits 0 | References 1

CNNVD
added 2026/04/29 12:0 a.m. | 6 views

SourceCodester Pharmacy Sales and Inventory System injection vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from improper...

CVSS 6.5 | AI score 6.6 | EPSS 0.00192
Exploits 0 | References 1

CNNVD
added 2026/04/29 12:0 a.m. | 5 views

SourceCodester Pizzafy Ecommerce System injection vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which arises from improper handling of the parameter ID in the file admin/vieworder.php...

CVSS 5.8 | AI score 5.8 | EPSS 0.00244
Exploits 1 | References 1

CNNVD
added 2026/04/29 12:0 a.m. | 9 views

XATABoost CMS SQL injection vulnerability

XATABoost CMS is a content management system from XATABoost that provides website content publishing and management functions. A SQL injection vulnerability exists in XATABoost CMS version 1.0.0. The vulnerability stems from the application's lack of validation of externally entered SQL statement...

CVSS 8.8 | AI score 5.9 | EPSS 0.00323
Exploits 0 | References 1

CNNVD
added 2026/04/29 12:0 a.m. | 6 views

SourceCodester Pizzafy Ecommerce System injection vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter pid being manipulated in the file admin/ajax.php?action=addtocart...

CVSS 6.5 | AI score 6.6 | EPSS 0.00192
Exploits 0 | References 2

Positive Technologies
added 2026/04/29 12:0 a.m. | 3 views

PT-2026-35884

Name of the Vulnerable Software and Affected Versions: MegaCMS version 12.0.0. Description: Inadequate validation and sanitization of user input allows an unauthenticated attacker to execute arbitrary SQL queries via a POST request. The issue is located in the "/web_comunications/cms/get_provincias"...

CVSS 10 | AI score 6 | EPSS 0.00267
Exploits 0 | References 4

Positive Technologies
added 2026/04/29 12:0 a.m. | 3 views

PT-2026-35955

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save supplier of the file /ajax.php?action=save supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 6.5 | AI score 6.4 | EPSS 0.00192
Exploits 0 | References 5