EUVD-2026-31020

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

WordPress plugin Creative Mail – Easier WordPress & WooCommerce Email Marketing SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Veritas InfoScale VIOM SQL注入漏洞

Veritas InfoScale VIOM is an infrastructure monitoring and operations management platform for virtualized environments developed by Veritas Corporation in the United States. Versions of Veritas InfoScale VIOM prior to 9.1.3 contained a SQL injection vulnerability. This vulnerability stems from SQ...

CVE-2026-44923

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

WordPress plugin Read More & Accordion SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin NextGEN Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

TONNET E-LAN Hybrid Recording System SQL注入漏洞

TONNET E-LAN Hybrid Recording System is a hybrid voice recording management system designed for communication and call center scenarios by Tonnet International TONNET Company, Taiwan, China. The TONNET E-LAN Hybrid Recording System has a SQL injection vulnerability, which can allow unauthorized...

PT-2026-42074

Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The Read More & Accordion plugin for WordPress contains a time-based blind SQL Injection. This occurs because the orderby parameter is processed using esc attr and esc sql but is...

Drupal 10.x < 10.4.10 / 10.5.x < 10.5.10 / 10.6.x < 10.6.9 / 11.1.x < 11.1.10 / 11.2.x < 11.2.12 / 11.3.x < 11.3.10 Drupal Vulnerability (SA-CORE-2026-004)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.x prior to 10.4.10, 10.5.x prior to 10.5.10, 10.6.x prior to 10.6.9, 11.1.x prior to 11.1.10, 11.2.x prior to 11.2.12, or 11.3.x prior to 11.3.10. It is, therefore, affected by a vulnerability. -...

CVE-2026-48134 - SQL injection issue in UserCheck Portal when DLP is active

Symptoms - When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This coul...

Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...

PT-2026-42101

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

Fedora 44 : proftpd (2026-871243b391)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-871243b391 advisory. This update contains an updated modwrap2sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed...

PT-2026-42194

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

CVE-2026-44923

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

PT-2026-42142

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

WordPress plugin SureCart SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-42085

Name of the Vulnerable Software and Affected Versions Infility Global versions prior to 2.15.17 Description The Infility Global plugin for WordPress contains a flaw allowing authenticated attackers with Subscriber-level access and above to extract sensitive information from the database. This...

Fedora 43 : proftpd (2026-4ddb108952)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ddb108952 advisory. This update contains an updated modwrap2sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed...

PT-2026-42228

Name of the Vulnerable Software and Affected Versions Drupal core versions 8.9.0 through 10.4.9 Drupal core versions 10.5.0 through 10.5.9 Drupal core versions 10.6.0 through 10.6.8 Drupal core versions 11.0.0 through 11.1.9 Drupal core versions 11.2.0 through 11.2.11 Drupal core versions 11.3.0...