CVE-2026-37341

CVE-2026-37341 affects SourceCodester Vehicle Parking Area Management System v1.0, with a SQL Injection flaw in /parking/manage_category.php caused by improper input handling in the category management logic. Documented impacts indicate high severity (C/H, I/H, A/H) per CVSS 3.1 and potential dat...

EUVD-2026-23252

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewuser.php...

CVE-2026-37342

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...

CVE-2026-32176

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...

EUVD-2025-209485

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

EUVD-2026-22899

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

CVE-2026-30995

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...

CVE-2026-20061

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

CVE-2025-63029

Summary: CVE-2025-63029 is an SQL Injection vulnerability in the WordPress WCFM Marketplace plugin (also described as WC Lovers WCFM Marketplace) affecting versions up to 3.7.1. The root cause is improper neutralization of special elements in SQL commands. The NVD/CVE records confirm the issue an...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WCFM Marketplace versions = 3.7.1...

CVE-2026-20061 Cisco Unity Connection SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

CVE-2026-20061

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting XSS attack, an open redirect attack, and an SQL injection attack. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco has...

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse CVE-2026-2768...

Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager

Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

CVE-2026-40745

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...