WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Funnel Builder by FunnelKit versions = 3.15.0.5...

CVE-2026-8705

The CVE describes a SQL injection in the ClearSale Total WordPress plugin (versions &lt;= 3.4.2). The vulnerability occurs via the pagseguro[metodo] POST parameter of the clearsale_total_push AJAX action, which is accessible to unauthenticated users (wp_ajax_nopriv_clearsale_total_push). Although...

CVE-2026-47384

CVE-2026-47384 – NocoDB SQL Injection via Column Title in Bulk GroupBy : An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column title to a SQL fragment. The vulnerable code path builds three database-specific knex.raw() aggregations t...

CVE-2026-47384

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...

CVE-2026-23513

CVE-2026-23513 affects FOSSBilling prior to 0.8.0. A query-construction flaw in client list endpoints (ServiceTransaction::getSearchQuery and Order\Service::getSearchQuery) fails to group OR-based filters, allowing authenticated clients to bypass tenant scoping and retrieve other clients’ data (i...

EUVD-2025-210317

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

EUVD-2025-210319

An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

EUVD-2025-210320

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

EUVD-2025-210321

An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2025-61029

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2026-44792

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

CVE-2026-34915

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2026-52673

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component...

CVE-2026-34915

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

CVE-2026-34914

This CVE is confirmed: Revive Adserver

EUVD-2026-38486

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

CVE-2026-44792 n8n: Source Control Pull SQL Injection

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

CVE-2026-44792

n8n has a Source Control Pull SQL Injection vulnerability (CVE-2026-44792) in versions prior to 1.123.43, 2.20.7, and 2.22.1. An attacker with write access to the git repository used by the Source Control feature can commit a crafted Data Table JSON file containing a malicious column name. When a...

CVE-2026-54311

CVE-2026-54311 affects the n8n open-source workflow automation platform, specifically its Merge node in SQL Query mode. The issue allows an authenticated user with workflow creation/modification permissions to pollute the sandbox context, which is cached and reused across all workflow executions....