PT-2026-40792

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An Out-of-Memory OOM condition can be triggered by overloading the server through the use of the $ timeGroup macro. This issue requires the use of a SQL...

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from vulnerabilities in SQL expressions. This vulnerability could allow authenticated attackers to read arbitrary files from the Grafana server’s file system...

PT-2026-40556

Name of the Vulnerable Software and Affected Versions Advantech IoT & SCADA affected versions not specified Description A SQL injection allows a remote authenticated attacker to execute arbitrary commands via a specific interface. This could enable the attacker to access, modify, or delete...

PT-2026-40627

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

PT-2026-40823

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.104.3 ERPNext versions prior to 16.14.0 Description Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker ...

PT-2026-40793

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw in SQL Expressions enables an authenticated attacker to read arbitrary files from the server's filesystem. This issue only affects instances where the sqlExpressions feature toggle is...

PT-2026-40625

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

PT-2026-40810

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str replace without any sanitization, enabling SQL injection through query parameters...

WordPress plugin Charitable SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-1250

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

EUVD-2026-29812

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

CVE-2026-44863

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44860

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44862

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44863 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44863 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44862

The CVE-2026-44862 entry describes SQL injection vulnerabilities in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could inject crafted input into parameters pas...