72 matches found
CVE-2026-12512
CVE-2026-12512 affects the Quotes Llama WordPress plugin prior to 3.1.6. The root cause is improper sanitization/escaping of a user-supplied parameter before it is used in a SQL query, enabling unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the databas...
CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter
The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...
EUVD-2026-39699
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...
CVE-2026-56036
The CVE-2026-56036 entry describes an unauthenticated SQL injection affecting the WordPress plugin 결제 심플페이 (SimplePay) for versions <= 5.5.6. CVSSv3.1: 9.3 (CRITICAL), vectors: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. Impact is confidentiality high; integrity none; availability low. Affected softw...
EUVD-2026-37872
claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...
EUVD-2026-37621
Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...
CVE-2026-22340
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
EUVD-2026-36951
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
EUVD-2026-36944
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
CVE-2026-39441
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
PT-2026-49384
Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...
📄 ProjeQtor 12.4.3 SQL Injection
This Metasploit auxiliary module targets an unauthenticated SQL injection vulnerability in ProjeQtor login functionality and is structured as a scanner-style module with multiple operational modes. Version 12.4.3 is affected...
CVE-2026-40828
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
CVE-2026-40846
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40843
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40846 Authenticated SQLi in system view
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40845 Authenticated SQLi in devices_configuration view
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40829
CVE-2026-40829 describes an unauthenticated SQL Injection in the view.html.php UpdateParam function, exploitable by a high-privilege remote attacker. It can read the entire database and alter values in a non-critical table, leading to total confidentiality loss and some integrity loss. The connec...
CVE-2026-40818 Unauthenticated SQLi in _mb24confi_getDevice function function
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...