21 matches found
CVE-2026-11590
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
EUVD-2026-40263
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2026-11590
The WP Support Plus Responsive Ticket System WordPress plugin (≤ 9.1.2) is vulnerable because it does not sanitize user-supplied array keys before using them in a SQL statement, enabling unauthenticated SQL injection via filter[elements] array keys. Impact is unauthenticated access to manipulate ...
Astra Linux – Vulnerability in Ceph
An authentication flaw was discovered in Ceph versions prior to 14.2.20. When the monitor processes CEPHXGETAUTHSESSIONKEY requests, it does not sanitize otherkeys, allowing for key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid that has...
EUVD-2026-30946
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
CVE-2026-39317
...
CVE-2026-39317
...
CVE-2026-3368
The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...
EUVD-2026-13918
The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...
PT-2026-26718
The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitize ig data function which only sanitizes array values but not array keys...
CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...
EUVD-2026-9026
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...
CVE-2026-2751
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...
CVE-2026-2751 Blind SQL Injection
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...
CVE-2026-2751
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...
CVE-2026-2751
CVE-2026-2751 affects Centreon Web on Central Server (Linux) in the Service Dependencies module. The root cause is a Blind SQL Injection due to unsanitized array keys during deletion of Service Dependencies. Affected versions are Centreon Web before 25.10.8, 24.10.20, and 24.04.24. The vulnerabil...
PT-2026-20632
The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pma api key and pma sender address parameters. This makes it...
CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...
XML Injection
Overview Affected versions of this package are vulnerable to XML Injection via the contenthandler.startElement call with missing sanitization. An attacker can manipulate input data by crafting dictionary keys that inject arbitrary XML elements or break the structure of the generated XML document...