234525 matches found
Exploit for SQL Injection in Devcode Openstamanager
CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...
Exploit for SQL Injection in Devcode Openstamanager
CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Inje...
Exploit for SQL Injection in Devcode Openstamanager
CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxsel...
Exploit for SQL Injection in Devcode Openstamanager
CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcom...
Exploit for SQL Injection in Devcode Openstamanager
CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenza...
Exploit for SQL Injection in Wbce Wbce_Cms
CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL...
Exploit for SQL Injection in Churchcrm
CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL I...
EUVD-2026-21660
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: aws-flb-kinesis-fips, aws-flb-firehose, image-factory-fips, cloud-provider-gcp-cloud-controller-manager-fips, k8s-driver-manager, kyverno-policy-reporter-plugins-kyverno-fips, prometheus-beat-exporter-fips, amazon-cloudwatch-agent-operator, nsc-fips,...
CVE-2026-5207
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-5207
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
SQL Injection
Overview @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted input...
CVE-2026-5960
A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The...
CVE-2026-39497
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through = 1.4.5...
CVE-2026-39487
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...
CVE-2026-39495
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...
AVideo Unauthenticated SQL Injection Credential Dump
AVideo use auxiliary/gather/avideocatnamesqli msf auxiliaryavideocatnamesqli show actions ...actions... msf auxiliaryavideocatnamesqli set ACTION msf auxiliaryavideocatnamesqli show options ...show and set options... msf auxiliaryavideocatnamesqli run This module requires Metasploit:...
GHSA-HJ5C-MHH2-G7JQ Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug
Summary The hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, descriptions, colors, and creator information are exposed. Details The access contr...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...