216688 matches found
CVE-2026-4234
A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...
CVE-2026-4234
CVE-2026-4234 affects SSCMS 7.4.0, specifically the DDL Handler component and the file SitesAddController.Submit.cs . The vulnerability arises from the manipulation of the argument tableHandWrite , enabling a SQL injection . The attack can be executed remotely and the exploit has been publicly re...
CVE-2026-3021
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...
CVE-2026-4232
A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...
CVE-2026-4232 Tiandy Integrated Management Platform getAuthorityByUserId sql injection
A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...
CVE-2026-4230
A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...
CVE-2026-4230 vanna-ai vanna Endpoint __init__.py update_sql sql injection
A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...
CVE-2026-4230
Vulnerability CVE-2026-4230 affects vanna-ai vanna Endpoint up to version 2.0.2. The vulnerable component is the update_sql function in src/vanna/legacy/flask/init .py, which enables SQL injection. The issue can be triggered remotely, and the exploit has been disclosed publicly. No remediation de...
CVE-2026-4229
CVE-2026-4229 affects vanna-ai vanna up to version 2.0.2, specifically the function remove_training_data in src/vanna/legacy/google/bigquery_vector.py. The underlying issue is a manipulation of the argument ID that enables SQL injection, permitting a remote attacker to exploit the vulnerability. ...
CVE-2026-4229
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...
Exploit for Race Condition in Canonical Ubuntu_Linux
500+ Pentest One-Liners & Commands for Every Hacking Scenario...
CVE-2026-4223 itsourcecode Payroll Management System manage_employee.php sql injection
A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manageemployee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might b...
PT-2026-25682
Name of the Vulnerable Software and Affected Versions itsourcecode Online Enrollment System version 1.0 Description A weakness exists in itsourcecode Online Enrollment System version 1.0 related to the processing of the /sms/login.php file. Manipulation of the user email argument can lead to SQL...
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...
PT-2026-25745
A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course code leads to sql injection. The attack can be launched remotely. The exploit is publicly available...
Chamilo LMS SQL注入漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.34 contained a SQL injection vulnerability. This vulnerability stemmed fro...
CVE-2025-69768
The provided connected documents confirm a concrete vulnerability in Chyrp: SQL Injection in the Admin.php component affecting Chyrp v2.5.2 and earlier. The root cause is an SQLi flaw in Admin.php that could allow a remote attacker to obtain sensitive information. The CVSS details from the Initia...
CVE-2025-69768
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...
CVE-2025-69768
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...