EUVD-2026-29871

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

PT-2026-40605

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

PT-2026-40556

Name of the Vulnerable Software and Affected Versions Advantech IoT & SCADA affected versions not specified Description A SQL injection allows a remote authenticated attacker to execute arbitrary commands via a specific interface. This could enable the attacker to access, modify, or delete...

PT-2026-40584

Name of the Vulnerable Software and Affected Versions Avada Builder versions prior to 3.15.2 Description The Avada Builder plugin for WordPress contains a time-based SQL Injection, a technique where an attacker sends queries that cause the database to pause for a specific duration to determine if...

Joomsky Joomla J2 JOBS SQL注入漏洞

Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Corporation. Version 1.3.0 of Joomsky Joomla J2 JOBS contains an SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers...

PT-2026-40729

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description SiYuan's publish-mode Reader can modify configuration and SQL index data through eight ungated APIs. These endpoints are registered with model.CheckAuth but lack model.CheckAdminRole and...

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

PT-2026-40792

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An Out-of-Memory OOM condition can be triggered by overloading the server through the use of the $ timeGroup macro. This issue requires the use of a SQL...

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

HDWPlayer Joomla com_hdwplayer SQL注入漏洞

HDWPlayer Joomla comhdwplayer is a Joomla video player component developed by HDWPlayer Inc. Version 4.2 of HDWPlayer Joomla comhdwplayer contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue in the search.php file. It may allow unauthenticated attackers to...

WordPress plugin JoomSport SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

PT-2026-40625

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

PT-2026-40767

Name of the Vulnerable Software and Affected Versions Trust Protection Foundation affected versions not specified Description A SQL injection allows an authenticated attacker to execute arbitrary SQL commands against the product database. This could enable the attacker to read sensitive data,...

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from vulnerabilities in SQL expressions. This vulnerability could allow authenticated attackers to read arbitrary files from the Grafana server’s file system...

PT-2026-40793

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw in SQL Expressions enables an authenticated attacker to read arbitrary files from the server's filesystem. This issue only affects instances where the sqlExpressions feature toggle is...

ERPNext SQL注入漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.104.3 and 16.14.0 of ERPNext contained SQL injection vulnerabilities. These vulnerabilities stemmed from certain endpoints being vulnerable to SQL injection attacks...

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...