862 matches found
JS Help Desk <= 2.8.2 - SQL Injection
JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...
CVE-2026-15287
The CVE-2026-15287 entry affects the rtMedia plugin for WordPress, BuddyPress and bbPress. It describes a time-based SQL Injection via the order_by parameter in all versions up to and including 4.6.18, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Auth...
CVE-2026-59257
This CVE affects n8n before 1.123.61 and 2.x before 2.27.4, specifically the legacy MySQL v1 node’s executeQuery operation. The root cause is that evaluated {{ ... }} expression values are substituted directly into the raw SQL string without parameterization, enabling SQL injection when a workflo...
EUVD-2026-42163
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...
CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
EUVD-2026-41739
A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...
EUVD-2026-41711
A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The...
PT-2026-55797
Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote SQL injection is possible due to improper manipulation of the field name argument within the Notes controller::search scratch data function locate...
CVE-2026-14638
Summary of the CVE-2026-14638 : A flaw exists in itsourcecode Hospital Management System 1.0, affecting an unknown function in the file /patient.php. Manipulation of the argument editid enables a possible SQL injection . The attack surface is described as remote, and the exploit has been publishe...
CVE-2026-57756
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
CVE-2026-57667
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
CVE-2026-52712
CVE-2026-52712 affects the WordPress Attendance Manager plugin version <= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...
EUVD-2016-10897
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...
PT-2026-49390
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
EUVD-2026-36360
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...
Security update for cacti, cacti-spine (critical)
openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2026:0033-1 Rating: critical References: 1231027 1231369 1231370 1231371 1231372 1236482 1236486 1236487 1236488 1236489 1236490 Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364...
EUVD-2026-35198
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...
PT-2026-47269
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search staff for deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed t...
PT-2026-47246
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...
CVE-2026-11435
The vulnerability CVE-2026-11435 affects Jinher OA 1.0, specifically the nextselectplan.aspx file. The issue stems from manipulating the httpOID argument, enabling a SQL injection. It is a network-accessible flaw with LOW confidentiality, integrity, and availability impacts per the CVSS, and has ...