Fortinet FortiClientEMS 7.4.4 - SQL Injection

Fortinet FortiClientEMS version 7.4.4 and earlier contains an unauthenticated SQL injection vulnerability in the /api/v1/initconsts endpoint. The 'Site' HTTP header value is passed directly into the PostgreSQL searchpath without sanitization, allowing remote unauthenticated attackers to inject...

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

rConfig 3.9 - SQL Injection

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. id: CVE-2020-10220 info: name: rConfig 3.9 - SQL Injection author: ritikchaddha,theamanrawat severity: critical description: | An issue was discovered i...

EUVD-2026-37040

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

CVE-2026-8444

CVE-2026-8444 affects WordPress WP Review Slider Pro (get_results() without $wpdb->prepare(). This allows authenticated attackers with Subscriber-level access or higher to append additional SQL queries to existing queries and potentially extract sensitive database information. The provided met...

CVE-2026-8444 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

CVE-2026-8443

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

EUVD-2026-37037

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

CVE-2026-8443

CVE-2026-8443 affects the WordPress plugin WP Review Slider Pro (versions up to 12.6.8). The vulnerability is an SQL Injection in the wppro_get_overall_chart_data AJAX action, triggered via the stypes and slocations parameters. The root cause is the use of stripslashes() on user-supplied JSON pri...

CVE-2026-8443 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

PT-2026-49619

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro get overall chart data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to json...

PT-2026-50126

Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...

PT-2026-50125

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

Exploit for CVE-2026-54596

CVE-2026-54596 - Authenticated SQL Injection via recurringinv...

EUVD-2026-36980

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

EUVD-2026-36947

Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...

EUVD-2026-36975

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

EUVD-2026-36943

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

EUVD-2026-36788

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...