CVE-2026-10261 CodeAstro Online Job Portal application_status.php sql injection
A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used...
WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Realtyna Organic IDX plugin versions <= 5.1.0...
Cisco Secure Firewall Management Center SQL Injection Vulnerability
Cisco Secure Firewall Management Center is a powerful network security management tool developed by Cisco, Inc. Cisco Secure Firewall Management Center has a SQL injection vulnerability, which stems from insufficient user input validation. This vulnerability could allow authenticated remote...
EUVD-2025-208149
In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection...
CVE-2025-15420 Yonyou KSOA agent_work_report.jsp sql injection
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The...
CVE-2025-60062
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection. This issue affects tPlayer: from n/a through = 1.2.1.6...
CVE-2025-14314 WordPress PopupKit plugin <= 2.1.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection. This issue affects PopupKit: from n/a through <= 2.1.5...
CVE-2025-14653 itsourcecode Student Management System addrecord.php sql injection
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...
CVE-2025-56450
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...
EUVD-2025-34424
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally...
EUVD-2025-24985
Malicious code in bioql PyPI...
CVE-2025-6305
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adminfeature.php. The manipulation of the argument productcode leads to sql injection. It is possible to initiate the attack remotely. The exploit...
CVE-2025-5696
A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated...
SIMPLE.ERP Security Vulnerability
SIMPLE.ERP is an e-commerce platform from SIMPLE, Inc. A security vulnerability exists in SIMPLE.ERP versions 6.20 through 6.30: an MS SQL protocol degradation request may result in unencrypted communication that is susceptible to data interception and modification...
Ivanti Endpoint Manager SQL Injection Vulnerability
Ivanti Endpoint Manager is an enterprise-grade endpoint management solution, mainly used for centralized management of various types of devices including Windows, MacOS, Linux, iOS/Android mobile devices, etc., to achieve unified configuration, security control and remote operation and maintenanc...
PT-2024-32936 · Unknown · Kashipara College Management System
Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0 Description: A critical issue has been found, affecting an unknown function of the file submit extracurricular activity.php. The manipulation of the activity datetime argument leads to SQL...
Online Exam Form Submission SQL Injection Vulnerability
Online Exam Form Submission is an online exam form submission application by the individual developer janobe. A SQL injection vulnerability exists in Online Exam Form Submission version 1.0, which originates from an unknown section in /admin/updates6.php and results in SQL injection via the...
Online Graduate Tracer System SQL Injection Vulnerability
Online Graduate Tracer System is an online graduate tracer system by the individual developer Carlo Montero. SourceCodester Online Graduate Tracer System version 1.0 suffers from a SQL injection vulnerability that originates from an unknown issue in the file admin/prof.php, which leads to SQL...
CVE-2022-33965
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin = 5.7 at WordPress...
CVE-2021-26114
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...