CVE-2026-42755

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through = 1.0.5.1...

CVE-2026-42383

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

CVE-2026-42774

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

CVE-2026-40818

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40841

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40331

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

CVE-2026-40829

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

CVE-2026-40837

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40819

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

NocoDB: SQL Injection via Column Title in Bulk GroupBy

Summary An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...

PT-2026-47007

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

PT-2026-47052

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 10.0.3 Description An SQL injection allows an unauthenticated remote attacker to execute arbitrary SQL statements. This can result in the complete compromise of the underlying database. The issue requires no...

CVE-2019-25741

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVE-2019-25735

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

CVE-2019-25733

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

CVE-2026-10811 itsourcecode Fees Management System receipt.php sql injection

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument efid leads to sql injection. The attack may be performed from remote. The exploit has been...

EUVD-2019-20177

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...