234690 matches found
CVE-2026-5179 SourceCodester Simple Doctors Appointment System login.php sql injection
A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
Exploit for CVE-2026-7299
CVE-2026-7299 - Appsmith 1.98 Stored XSS SQL Autocomplete inn...
CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...
CVE-2026-32714
SciTokens before v1.9.6 is affected: the KeyCache class builds SQL queries using Python string formatting, allowing SQL injection via user-supplied data (issuer, key_id) that could compromise the local SQLite database. The issue is fixed in v1.9.6. Affected software: SciTokens library; vulnerabil...
CVE-2026-27697
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-27697
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-27697
CVE-2026-27697 affects baserCMS before version 5.2.3, where a SQL injection vulnerability exists in the blog posts functionality. The issue, traced to the blog post handling, can allow an attacker to execute arbitrary SQL statements. BasercMS has patched this in 5.2.3; users on earlier versions s...
CVE-2026-27697 baserCMS: SQL injection vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
HCL Aftermarket DPC Input Validation Error Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an input validation error vulnerability that can be exploited by an attacker to inject executable code and perform cross-site scripting, SQL injection, command injectio...
Code-Projects Student Membership System SQL注入漏洞
The Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...
SourceCodester Loan Management System 安全漏洞
The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System has a security vulnerability. This vulnerability stems from improper input cleaning of the borrowerid parameter in the file...
Code-Projects Student Membership System SQL注入漏洞
Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...
CVE-2026-30520
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...
Code-Projects Simple Gym Management System SQL注入漏洞
Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations on parameters such as...
SourceCodester Simple Doctors Appointment System SQL注入漏洞
SourceCodester Simple Doctors Appointment System is an easy doctor appointment system developed under the open-source framework of SourceCodester. Version 1.0 of the SourceCodester Simple Doctors Appointment System has a SQL injection vulnerability. This vulnerability arises from incorrect handli...
SourceCodester Simple Doctors Appointment System SQL注入漏洞
SourceCodester Simple Doctors Appointment System is an easy doctor appointment system developed under the open-source framework of SourceCodester. Version 1.0 of the SourceCodester Simple Doctors Appointment System has a SQL injection vulnerability. This vulnerability arises from incorrect handli...
PT-2026-29215
SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...
VulnCheck KEV: CVE-2025-54726
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through 6.1.6...
PT-2026-29190
A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...