216518 matches found

RedhatCVE
added 2026/03/31 4:59 a.m., 7 views

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

CVSS 7.4, AI score 6, EPSS 0.00192
Exploits: 1, References: 1
RedhatCVE
added 2026/03/31 4:59 a.m., 5 views

CVE-2026-33643

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

CVSS 7.4, AI score 6, EPSS 0.00192
Exploits: 1, References: 1
Vulnrichment
added 2026/03/31 4:0 a.m., 1 view

CVE-2026-5180 SourceCodester Simple Doctors Appointment System ajax.php sql injection

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS 7.5, AI score 6.9, EPSS 0.00325
Exploits: 0, References: 5
ATTACKERKB
added 2026/03/31 4:0 a.m., 0 views

CVE-2026-5180

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS 7.5, AI score 5.8, EPSS 0.00325
Exploits: 0, References: 5, Affected Software: 1
Vulnrichment
added 2026/03/31 4:0 a.m., 2 views

CVE-2026-5179 SourceCodester Simple Doctors Appointment System login.php sql injection

A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVSS 7.5, AI score 7, EPSS 0.00259
Exploits: 0, References: 5
CVE
added 2026/03/31 1:31 a.m., 15 views

CVE-2026-32714

SciTokens before v1.9.6 is affected: the KeyCache class builds SQL queries using Python string formatting, allowing SQL injection via user-supplied data (issuer, key_id) that could compromise the local SQLite database. The issue is fixed in v1.9.6. Affected software: SciTokens library; vulnerabil...

CVSS 9.8, AI score 6.1, EPSS 0.00492
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/03/31 1:31 a.m., 3 views

CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

CVSS 9.8, AI score 6.1, EPSS 0.00492
Exploits: 1, References: 5
NVD
added 2026/03/31 1:16 a.m., 2 views

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVSS 9.8, EPSS 0.00412
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/31 12:44 a.m., 3 views

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVSS 6.9, AI score 5.8, EPSS 0.00412
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/03/31 12:44 a.m., 24 views

CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVSS 6.9, EPSS 0.00412
Exploits: 0, References: 3
CVE
added 2026/03/31 12:44 a.m., 16 views

CVE-2026-27697

CVE-2026-27697 affects baserCMS before version 5.2.3, where a SQL injection vulnerability exists in the blog posts functionality. The issue, traced to the blog post handling, can allow an attacker to execute arbitrary SQL statements. baserCMS has patched this in 5.2.3; users on earlier versions s...

CVSS 9.8, AI score 7.1, EPSS 0.00412
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/03/31 12:44 a.m., 7 views

CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVSS 6.9, AI score 7.1, EPSS 0.00412
Exploits: 0, References: 5
Positive Technologies
added 2026/03/31 12:0 a.m., 4 views

PT-2026-29216

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /delete user.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5, AI score 5.8, EPSS 0.00192
Exploits: 0, References: 6
CNNVD
added 2026/03/31 12:0 a.m., 6 views

SourceCodester Simple Doctors Appointment System SQL injection vulnerability

SourceCodester Simple Doctors Appointment System is an easy doctor appointment system developed under the open-source framework of SourceCodester. Version 1.0 of the SourceCodester Simple Doctors Appointment System has a SQL injection vulnerability. This vulnerability arises from incorrect handli...

CVSS 7.5, AI score 7.2, EPSS 0.00325
Exploits: 0, References: 5
CNVD
added 2026/03/31 12:0 a.m., 2 views

HCL Aftermarket DPC Input Validation Error Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an input validation error vulnerability that can be exploited by an attacker to inject executable code and perform cross-site scripting, SQL injection, command injectio...

CVSS 9.8, AI score 5.9, EPSS 0.00997
Exploits: 0
CNNVD
added 2026/03/31 12:0 a.m., 6 views

Code-Projects Student Membership System SQL injection vulnerability

Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability stems from unknown issues in the user registration processing program,...

CVSS 7.5, AI score 7.1, EPSS 0.00259
Exploits: 0, References: 5
CNNVD
added 2026/03/31 12:0 a.m., 6 views

Code-Projects Student Membership System SQL injection vulnerability

The Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...

CVSS 6.5, AI score 6.6, EPSS 0.00192
Exploits: 0, References: 5
CNNVD
added 2026/03/31 12:0 a.m., 7 views

Code-Projects Student Membership System SQL injection vulnerability

Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...

CVSS 6.5, AI score 6.6, EPSS 0.00192
Exploits: 0, References: 5
CNNVD
added 2026/03/31 12:0 a.m., 4 views

SourceCodester Loan Management System security vulnerability

The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System has a security vulnerability. This vulnerability stems from improper input cleaning of the borrowerid parameter in the file...

CVSS 5.4, AI score 5.8, EPSS 0.0022
Exploits: 1, References: 1
CNNVD
added 2026/03/31 12:0 a.m., 8 views

Code-Projects Student Membership System SQL injection vulnerability

The Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters username and password in...

CVSS 7.5, AI score 7.2, EPSS 0.00344
Exploits: 0, References: 5