CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8207

Gibbon up to version 30.0.01 is affected by an authenticated SQL injection via the Tracking/graphing feature in Tracking/graphing.php (line 145). Exploitation requires Teacher or higher privileges and can lead to unintended read/write access to the database. A fix is available in Gibbon v30.0.01;...

EUVD-2026-28880

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

CVE-2026-8128

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

DEBIAN-CVE-2026-6666

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field...

EUVD-2026-28878

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field...

PT-2026-39228

Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description A null pointer reference can occur in the kill pool logins server error function if a server sends an error response that lacks the SQLSTATE field, potentially leading to a crash. Recommendations...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016806 advisory. An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.ext...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016807 advisory. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class...

Unity Linux 20.1050e / 20.1070e Security Update: python-PyMySQL (UTSA-2026-017341)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017341 advisory. PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict. Tenable has extracted the preceding...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016788 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing...

CVE-2026-42287

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

CVE-2026-42287

Summary: CVE-2026-42287 affects Emlog before version 2.6.11, where direct SQL injection in article creation and update can occur via the log_model.php functions addLog() and updateLog(). The underlying issue is unsafeguarded SQL construction that allows attackers to execute arbitrary SQL commands...

EUVD-2026-28842

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

@mikro-orm/entity-generator (>=7.0.0 <=7.0.14-dev.14), @mikro-orm/libsql (>=7.0.0 <=7.0.14-dev.14) +9 more potentially affected by CVE-2026-44680 via @mikro-orm/sql (>=7.0.0-dev.100 <=7.0.14-dev.9)

@mikro-orm/sql NPM version =7.0.0-dev.100, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.14-dev.14 - @reldens/cms =0.61.0 - @reldens/storage =0.93.0 Source cves: CVE-2026-44680 Source advisory: SNYK:JS-MIKROORMSQL-16624726...

SQL Injection

Overview @mikro-orm/sql is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via improper...