CVE-2026-36942

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manageactivity.php...

CVE-2026-36944

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/viewdetails.php...

CVE-2026-6183 code-projects Simple Content Management System index.php sql injection

A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...

CVE-2026-6183

A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...

CVE-2026-6182 code-projects Simple Content Management System login.php sql injection

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is...

CVE-2026-6182

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is...

CVE-2026-6182

The CVE-2026-6182 affects code-projects Simple Content Management System 1.0. The flaw resides in /web/admin/login.php where manipulation of the User argument enables SQL injection. The vulnerability can be exploited remotely and a publicly available exploit exists. Affected functionality is desc...

WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Product Filter by WBW versions = 3.1.2...

CVE-2026-36947

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...

CVE-2026-36946

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...

WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tin Pham aka TF1T in WordPress Plugin GeoDirectory versions = 2.8.152...

WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SpeakOut! Email Petitions versions = 4.6.5...

CVE-2026-36872

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadbook.php...

CVE-2026-36873

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadadmin.php...

CVE-2026-36874

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadstudent.php...

CVE-2026-36919

Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2012-1854link is external Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability CVE-2020-9715link is external Adobe Acrobat...

WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martín Martín in WordPress Plugin WP Directory Kit versions = 1.5.0...

EUVD-2026-21891

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

EUVD-2025-209409

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...