CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

CVE-2026-33714

Chamilo LMS versions 2.0.0-RC.2 are affected by a SQL injection in the statistics AJAX endpoint (public/main/inc/ajax/statistics.ajax.php) where unsanitized parameters date_start and date_end in the users_active action interpolate into SQL. This follows an incomplete fix for CVE-2026-30881, which...

Vulnerabilities in Microsoft SQL Server

Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...

CVE-2026-36950

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projectsperdepartment.php...

CVE-2026-36948

Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/viewarchive.php...

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

CVE-2026-6193

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

CVE-2026-6188

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=deletesales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and...

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

CVE-2026-6182

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is...

CVE-2026-6187

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chkprodavailability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit i...

CVE-2026-6160

A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatboxPHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. T...

EUVD-2026-22637

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network...

EUVD-2026-22561

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...

EUVD-2026-22348

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via...

EUVD-2026-22307

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via...

EUVD-2026-22299

Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rottenlead parameter at /Lead/LeadDataGrid.php...

EUVD-2025-209453

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...