Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
100 articles

#SQL Injection

All CosmicBytez Labs articles tagged #SQL Injection, across news, security advisories, how-to guides, and projects.

  • SecurityJul 17, 2026

    CVE-2026-38158: Critical SQL Injection in UReport v2.2.9 (CVSS 9.8)

    A critical SQL injection vulnerability in the /ureport/datasource/previewData endpoint of ureport v2.2.9 allows unauthenticated attackers to exfiltrate sensitive database contents via crafted SQL statements. CVSS score of 9.8.

  • SecurityJul 12, 2026

    CVE-2026-15482: SQL Injection in Aster Telecom Azcall Admin Panel

    A high-severity SQL injection vulnerability in Aster Telecom Azcall 10/11 allows attackers to manipulate HTTP handler parameters and access the underlying database. CVSS 7.3 — patch or restrict access immediately.

  • SecurityJul 12, 2026

    CVE-2026-15489: SQL Injection in TOKO-ONLINE-ROTI Login Endpoint

    A high-severity SQL injection vulnerability in the TOKO-ONLINE-ROTI bakery management system allows remote attackers to manipulate the login.php Username parameter and compromise the backend database without authentication.

  • SecurityJul 12, 2026

    CVE-2026-15490: SQL Injection in TOKO-ONLINE-ROTI Product Add Endpoint

    A high-severity SQL injection vulnerability in the TOKO-ONLINE-ROTI PHP bakery system allows remote attackers to manipulate the kode_produk and kd_cs parameters in proses/add.php, enabling database compromise.

  • SecurityJul 12, 2026

    CVE-2026-60090: PraisonAI SQL Injection via Unvalidated Dimension Parameter in Vector Store Backends

    A CVSS 9.8 critical SQL injection vulnerability in PraisonAI before 4.6.78 allows attackers to exploit the unvalidated dimension argument in PGVector and...

  • SecurityJul 10, 2026

    CVE-2026-5955: BiEticaret E-Commerce SQL Injection (CVSS 9.8)

    A critical SQL injection vulnerability in Inrove Software's BiEticaret e-commerce platform (versions before v3.3.57) allows unauthenticated attackers to...

  • SecurityJul 9, 2026

    CVE-2026-15062: Critical SQL Injection in Snowflake Snowpark Python SDK

    A critical-severity SQL injection vulnerability (CVSS 9.6) in the Snowflake Snowpark Python SDK allows authenticated low-privilege users to execute SQL...

  • SecurityJul 6, 2026

    CVE-2026-14732: SQL Injection in SourceCodester Timetabling System via /edit_exam.php

    A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate the database via...

  • SecurityJul 6, 2026

    CVE-2026-14733: SQL Injection in SourceCodester Timetabling System via /edit_coursea.php

    A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate the database via...

  • SecurityJul 6, 2026

    CVE-2026-14734: SQL Injection in SourceCodester Timetabling System via /edit_product.php

    A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate the database via...

  • SecurityJul 6, 2026

    CVE-2026-14770: SQL Injection in SourceCodester Class and Exam Timetabling System

    A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate backend database...

  • SecurityJul 6, 2026

    CVE-2026-14771: SQL Injection in SourceCodester Class and Exam Timetabling System

    An unauthenticated remote SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows attackers to manipulate the id...

  • SecurityJul 5, 2026

    CVE-2026-14641: Remote SQL Injection in SourceCodester Class and Exam Timetabling System

    A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to dump the...

  • SecurityJul 5, 2026

    CVE-2026-14642: Remote SQL Injection in SourceCodester Timetabling System edit_class2.php

    A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to fully...

  • SecurityJul 5, 2026

    CVE-2026-14652: SQL Injection in SourceCodester Shopping Cart Admin Login

    A high-severity SQL injection vulnerability in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows remote attackers to manipulate the admin...

  • SecurityJul 5, 2026

    CVE-2026-14653: SQL Injection in Shopping Cart Men's Product Delete Endpoint

    A high-severity SQL injection flaw in SourceCodester Simple and Nice Shopping Cart Script 1.0 exposes the men's product delete query to remote...

  • SecurityJul 5, 2026

    CVE-2026-14654: SQL Injection in Shopping Cart Girls Product Delete Endpoint

    A high-severity SQL injection vulnerability in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows remote attackers to exploit the girls...

  • SecurityJul 5, 2026

    CVE-2026-14688: SQL Injection in itsourcecode Hotel Management Admin Login

    A high-severity SQL injection vulnerability in itsourcecode Online Hotel Management System 1.0 allows remote attackers to exploit the admin login page via...

  • SecurityJul 5, 2026

    SQL Injection in Multi-Vendor Online Grocery Management System (CVE-2026-14695)

    A high-severity SQL injection vulnerability in SourceCodester's Multi-Vendor Online Grocery Management System 1.0 allows remote attackers to manipulate...

  • SecurityJul 5, 2026

    SQL Injection in Pizzafy E-Commerce System Exposes Order Data (CVE-2026-14713)

    A remotely exploitable SQL injection flaw in SourceCodester Pizzafy E-Commerce System 1.0 allows attackers to manipulate the confirm_order endpoint via an...

  • SecurityJul 4, 2026

    CVE-2026-4321: Critical SQL Injection in Raera Destekz Plugin (No Patch Available)

    A CVSS 9.8 critical SQL injection in the Destekz plugin by Raera - Ankara Web Design allows unauthenticated remote attackers full database access. The...

  • SecurityJul 3, 2026

    UniFi Talk SQL Injection Chain Enables Host Privilege Escalation CVE-2026-50747

    Multiple authenticated SQL injection vulnerabilities in Ubiquiti's UniFi Talk Application can be chained to escalate privileges to host-level access on...

  • SecurityJul 2, 2026

    CVE-2026-52186: Critical SQL Injection RCE in UTT nv518G Router

    A critical SQL injection vulnerability (CVSS 9.8) in the UTT nv518G router allows unauthenticated remote attackers to execute arbitrary code via the...

  • SecurityJul 1, 2026

    CVE-2026-9711: Critical SQL Injection in EventON WordPress Plugin (CVSS 9.8)

    A critical unauthenticated SQL injection vulnerability in the EventON WordPress Virtual Event Calendar Plugin affects versions up to 5.0.11, exposing...

  • SecurityJun 30, 2026

    CVE-2026-13550: SQL Injection in itsourcecode Baptism Information Management System 1.0

    A high-severity SQL injection vulnerability has been identified in itsourcecode Baptism Information Management System 1.0, allowing remote attackers to...

  • SecurityJun 30, 2026

    CVE-2026-13551: SQL Injection in itsourcecode Baptism Information Management System 1.0 (editBaptism.php)

    A second high-severity SQL injection vulnerability has been disclosed in itsourcecode Baptism Information Management System 1.0, this time affecting the...

  • SecurityJun 29, 2026

    CVE-2026-13521: SQL Injection in SourceCodester Class and Exam Timetabling System

    A remotely exploitable SQL injection vulnerability affects SourceCodester Class and Exam Timetabling System 1.0 via the course_year_section parameter in...

  • SecurityJun 29, 2026

    CVE-2026-13526: SQL Injection in SourceCodester Class and Exam Timetabling System

    A remotely exploitable SQL injection flaw in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate...

  • SecurityJun 29, 2026

    CVE-2026-49048: Critical SQL Injection in JoomCCK Joomla Extension

    A critical unauthenticated SQL injection vulnerability (CVSS 9.8) in the JoomCCK Joomla extension allows attackers to read, modify, or delete database...

  • SecurityJun 28, 2026

    CVE-2026-13485: SQL Injection in SourceCodester Class and Exam Timetabling System

    A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to...

  • SecurityJun 28, 2026

    CVE-2026-13486: SQL Injection in SourceCodester Class and Exam Timetabling System (preview6.php)

    A second high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 targets /preview6.php via the...

  • SecurityJun 28, 2026

    CVE-2026-13487: SQL Injection in SourceCodester Timetabling System (/archive.php)

    A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate the...

  • SecurityJun 28, 2026

    CVE-2026-13488: SQL Injection in SourceCodester Timetabling System (/preview7.php)

    A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate the...

  • SecurityJun 28, 2026

    CVE-2026-13498: SQL Injection in Restaurant Management System via Password Reset

    A high-severity SQL injection vulnerability in yashpokharna2555's restaurant management system allows unauthenticated attackers to exploit the...

  • SecurityJun 27, 2026

    CVE-2026-54820: Critical SQL Injection in JetBooking WordPress Plugin

    A critical unauthenticated SQL injection vulnerability (CVSS 9.3) in the JetBooking WordPress plugin affects all versions up to 4.0.4.1, potentially...

  • SecurityJun 17, 2026

    CVE-2026-49772: The Events Calendar Blind SQL Injection (CVSS 9.3)

    A critical blind SQL injection vulnerability in The Events Calendar WordPress plugin by StellarWP affects versions 6.15.12 through 6.16.2, allowing...

  • SecurityJun 17, 2026

    CVE-2026-52715: GEO my WordPress Unauthenticated SQL Injection (CVSS 9.3)

    A critical unauthenticated SQL injection vulnerability in GEO my WordPress versions 4.5.5 and earlier allows attackers to extract database contents...

  • SecurityJun 16, 2026

    CVE-2026-39574: Critical SQL Injection in InPost Gallery WordPress Plugin

    A critical unauthenticated SQL injection vulnerability (CVSS 9.3) in the InPost Gallery WordPress plugin allows attackers to extract sensitive database...

  • SecurityJun 6, 2026

    CVE-2026-11334: SQL Injection in College Management System

    A high-severity SQL injection vulnerability (CVSS 7.3) in CollegeManagementSystem allows attackers to manipulate the department_code parameter in…

  • SecurityJun 2, 2026

    CVE-2026-10263: SQL Injection in SourceCodester Computer Repair Shop Management System

    A CVSS 7.3 SQL injection vulnerability in SourceCodester's Computer Repair Shop Management System v1.0 allows remote attackers to extract sensitive data via…

  • SecurityJun 1, 2026

    CVE-2026-10184: SourceCodester Hospital Records SQL Injection via Delete

    A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 allows remote attackers to extract database contents by…

  • SecurityJun 1, 2026

    CVE-2026-10185: SourceCodester Hospital Records SQL Injection via Save

    A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 enables remote attackers to extract database contents by…

  • SecurityJun 1, 2026

    CVE-2026-48188: OTRS Database Layer SQL Injection — Authentication Bypass

    A critical SQL injection vulnerability (CVSS 9.1) in OTRS and ((OTRS)) Community Edition allows unauthenticated attackers to bypass authentication entirely…

  • SecurityJun 1, 2026

    CVE-2026-49489: OpenCATS ATS SQL Injection via sortDirection Parameter

    A SQL injection vulnerability in OpenCATS through 0.9.7.4 allows authenticated attackers to extract database contents by injecting malicious SQL via the…

  • SecurityMay 31, 2026

    CVE-2018-25405: Multiple SQL Injections in eNdonesia Portal 8.7

    Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 allow attackers to extract sensitive database contents via the artid, cid,...

  • SecurityMay 31, 2026

    CVE-2018-25406: SQL Injection Across eNdonesia Portal 8.7 Modules

    Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 expose the publisher, artikel, and info modules to database extraction...

  • SecurityMay 31, 2026

    CVE-2018-25411: SQL Injection in MGB OpenSource Guestbook 0.7.0.2

    An unauthenticated SQL injection vulnerability in MGB OpenSource Guestbook 0.7.0.2 allows attackers to extract sensitive database contents via the 'id'...

  • SecurityMay 31, 2026

    CVE-2026-10178: SQL Injection in Online Music Site 1.0 Admin Panel

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Online Music Site 1.0, affecting the Administrator PHP AdminEditAlbum…

  • SecurityMay 30, 2026

    CVE-2026-10110: SQL Injection in Student Details Management System 1.0

    A remotely exploitable SQL injection vulnerability in code-projects Student Details Management System 1.0 allows attackers to manipulate database queries...

  • SecurityMay 30, 2026

    CVE-2026-9757: GEO my WP Plugin SQL Injection via Query String Bypass

    The GEO my WP WordPress plugin (versions up to 4.5.5) is vulnerable to unauthenticated SQL injection via the swlatlng and nelatlng parameters, which...

  • SecurityMay 29, 2026

    CVE-2026-45288 — Marten .NET Document DB SQL Injection via regConfig

    A CVSS 9.8 critical SQL injection vulnerability in the Marten .NET document database library allows untrusted user input to be interpolated directly into...

  • SecurityMay 26, 2026

    CVE-2018-25362: Twitter-Clone SQL Injection via follow.php

    Twitter-Clone 1 contains a high-severity SQL injection vulnerability in follow.php that allows attackers to extract sensitive database information through.

  • SecurityMay 26, 2026

    CVE-2026-9525: SQL Injection in itsourcecode Electronic

    A remotely exploitable SQL injection vulnerability in the admin panel of itsourcecode Electronic Judging System 1.0 allows attackers to manipulate database.

  • NewsMay 23, 2026

    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

    CISA has added CVE-2026-9082, a SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities catalog following confirmed in-the-wild...

  • NewsMay 23, 2026

    Drupal: Critical SQL Injection Flaw Now Targeted in Attacks

    Drupal is warning that hackers are actively attempting to exploit a 'highly critical' SQL injection vulnerability, CVE-2026-9082, announced earlier this...

  • SecurityMay 22, 2026

    CVE-2026-39531: WP Directory Kit Blind SQL Injection (CVSS

    A critical blind SQL injection vulnerability in the WP Directory Kit WordPress plugin allows unauthenticated attackers to exfiltrate the entire WordPress...

  • SecurityMay 22, 2026

    WP ERP Pro SQL Injection via search_key Parameter

    A CVSS 7.5 SQL injection vulnerability in the WP ERP Pro WordPress plugin (all versions up to 1.5.1) allows unauthenticated attackers to extract sensitive...

  • SecurityMay 18, 2026

    CVE-2026-8785: SQL Injection in Hospital Management System

    A high-severity SQL injection vulnerability (CVE-2026-8785, CVSS 7.3) has been disclosed in projectworlds Hospital Management System in PHP 1.0, allowing...

  • SecurityMay 15, 2026

    Critical Blind SQL Injection in Akilli E-Commerce Website

    A CVSS 9.8 blind SQL injection vulnerability in Akilli Commerce's e-commerce platform allows unauthenticated attackers to extract the entire database...

  • SecurityMay 13, 2026

    CVE-2026-2993: SQL Injection in AIWU AI Chatbot WordPress

    A high-severity SQL injection vulnerability (CVE-2026-2993) in the AI Chatbot & Workflow Automation by AIWU WordPress plugin allows unauthenticated...

  • SecurityMay 12, 2026

    CVE-2026-34260 — SAP S/4HANA SQL Injection via ABAP

    A critical SQL injection vulnerability in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to inject malicious SQL statements via...

  • SecurityMay 11, 2026

    CVE-2026-6433: WordPress Plugin SQLi Enables

    The Custom css-js-php WordPress plugin through version 2.0.7 fails to sanitize user input before using it in a SQL query, and passes the result to dynamic...

  • SecurityMay 9, 2026

    CVE-2026-37431: Beauty Parlour Management System SQL

    A critical unauthenticated SQL injection vulnerability in Beauty Parlour Management System v1.1 allows attackers to dump the entire backend database via a...

  • SecurityMay 8, 2026

    CVE-2026-42208: LiteLLM AI Gateway Pre-Auth SQL Injection

    A critical SQL injection vulnerability in LiteLLM's proxy server allows unauthenticated attackers to manipulate database queries during API key...

  • NewsApr 28, 2026

    Hackers Are Exploiting a Critical LiteLLM Pre-Auth SQLi Flaw

    Threat actors are actively exploiting CVE-2026-42208, a critical pre-authentication SQL injection vulnerability in the LiteLLM open-source LLM gateway,...

  • SecurityApr 28, 2026

    CVE-2024-46636: NASA EOSDIS MODAPS v8.1 SQL Injection

    A critical SQL injection vulnerability in NASA's Earth Observing System Data and Information System MODAPS v8.1 allows unauthenticated attackers to...

  • SecurityApr 28, 2026

    CVE-2026-41462: ProjeQtor Unauthenticated SQL Injection in Login

    A critical unauthenticated SQL injection vulnerability in ProjeQtor project management software allows attackers to inject arbitrary SQL via the login...

  • SecurityApr 28, 2026

    CVE-2026-7224: SQL Injection in Pizzafy Ecommerce System 1.0

    A high-severity SQL injection vulnerability has been discovered in SourceCodester Pizzafy Ecommerce System 1.0, allowing remote attackers to manipulate...

  • NewsletterApr 28, 2026

    Apr 28 Digest: Medtronic 9M Breach, GitHub RCE, LiteLLM

    ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...

  • SecurityApr 27, 2026

    CVE-2026-7077: SQL Injection in itsourcecode Courier

    A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Courier Management System 1.0, affecting the edit_parcel.php file...

  • SecurityApr 26, 2026

    CVE-2026-7002: SQL Injection in KLiK SocialMediaWebsite

    CVE-2026-7002 is a CVSS 7.3 SQL injection vulnerability in KLiK SocialMediaWebsite up to version 1.0.1, exploitable remotely via the c_id parameter in the...

  • SecurityApr 25, 2026

    CVE-2026-41478: Saltcorn SQL Injection Allows Full Database

    A critical SQL injection vulnerability in Saltcorn's mobile-sync routes allows any authenticated low-privilege user with read access to a single table to...

  • SecurityApr 24, 2026

    SocialEngine Unauthenticated SQL Injection via Activity

    A critical SQL injection vulnerability in SocialEngine versions 7.8.0 and prior allows unauthenticated remote attackers to execute arbitrary SQL queries...

  • SecurityApr 24, 2026

    CVE-2026-6887: Borg SPM 2007 SQL Injection Exposes Full

    A critical SQL injection vulnerability in the end-of-life Borg SPM 2007 application allows unauthenticated remote attackers to inject arbitrary SQL...

  • SecurityApr 23, 2026

    CVE-2026-41167: Jellystat Authenticated SQL Injection in Multiple API Endpoints (CVSS 9.1)

    A critical SQL injection vulnerability in Jellystat, the open-source statistics app for Jellyfin, allows authenticated users to execute arbitrary SQL...

  • SecurityApr 20, 2026

    CVE-2026-6595: SQL Injection in ProjectsAndPrograms School

    A medium-severity SQL injection vulnerability has been disclosed in ProjectsAndPrograms School Management System, allowing remote attackers to manipulate...

  • SecurityApr 18, 2026

    CVE-2026-37749: SQL Injection Auth Bypass in CodeAstro

    A critical SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows unauthenticated remote attackers to bypass login...

  • SecurityApr 18, 2026

    CVE-2026-40285: WeGIA SQL Injection via PHP extract()

    A high-severity SQL injection vulnerability in WeGIA, a web manager for charitable institutions, allows authenticated attackers to escalate privileges by...

  • SecurityApr 10, 2026

    CVE-2026-6004: SQL Injection in code-projects Simple IT

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple IT Discussion Forum 1.0, affecting the /delete-category.php...

  • SecurityApr 7, 2026

    CVE-2026-5637: SQL Injection in projectworlds Car Rental

    A remotely exploitable SQL injection vulnerability (CVE-2026-5637) has been disclosed in projectworlds Car Rental System 1.0. The flaw exists in...

  • SecurityApr 6, 2026

    CVE-2019-25662: ResourceSpace 8.6 Unauthenticated SQL

    An unauthenticated SQL injection vulnerability in ResourceSpace 8.6 allows attackers to execute arbitrary database queries via the 'ref' parameter in...

  • SecurityApr 6, 2026

    CVE-2026-5554: SQL Injection in Concert Ticket Reservation

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the...

  • SecurityApr 6, 2026

    CVE-2026-5555: SQL Injection in Concert Ticket Reservation

    An unauthenticated SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the login.php file via...

  • SecurityApr 6, 2026

    CVE-2026-5575: SQL Injection in SourceCodester Record

    A remotely exploitable SQL injection vulnerability has been disclosed in SourceCodester/jkev Record Management System 1.0, affecting the Login page's...

  • SecurityApr 5, 2026

    CVE-2026-5534 — SQL Injection in itsourcecode Online

    A high-severity SQL injection vulnerability in itsourcecode Online Enrollment System 1.0 allows remote unauthenticated attackers to manipulate the USERID...

  • SecurityApr 5, 2026

    CVE-2026-5540 — SQL Injection in code-projects Simple

    A high-severity SQL injection vulnerability in code-projects Simple Laundry System 1.0 allows remote unauthenticated attackers to manipulate the firstName...

  • SecurityApr 5, 2026

    CVE-2026-5551: SQL Injection in itsourcecode Free Hotel

    A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the login page's email...

  • SecurityApr 3, 2026

    CVE-2026-33615: Critical Unauthenticated SQL Injection in setinfo Endpoint

    A critical unauthenticated SQL injection vulnerability (CVSS 9.1) in the setinfo endpoint allows remote attackers to corrupt data and cause denial of...

  • SecurityMar 31, 2026

    CVE-2026-32714: Critical SQL Injection in SciTokens

    A critical SQL injection vulnerability in the SciTokens Python library allows attackers to manipulate authentication token validation via unsanitized...

  • SecurityMar 29, 2026

    CVE-2026-5017: SQL Injection in code-projects Simple Food

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, affecting the /all-tickets.php file...

  • SecurityMar 29, 2026

    CVE-2026-5018: SQL Injection in code-projects Simple Food

    A remotely exploitable SQL injection vulnerability exists in code-projects Simple Food Order System 1.0, where the Name parameter in register-router.php...

  • SecurityMar 29, 2026

    CVE-2026-5019: SQL Injection in code-projects Simple Food

    A SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, where the Status parameter in all-orders.php enables...

  • SecurityMar 29, 2026

    CVE-2026-5033: SQL Injection in code-projects Accounting

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, where the cos_id parameter in...

  • SecurityMar 29, 2026

    CVE-2026-5034: SQL Injection in code-projects Accounting

    A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, allowing unauthenticated attackers to...

  • SecurityMar 17, 2026

    CVE-2025-62319: Critical SQL Injection in HCL Unica (CVSS

    A critical unauthenticated Boolean-based SQL injection vulnerability (CVSS 9.8) has been disclosed in HCL Unica versions 25.1.1 and below, allowing remote...

  • SecurityMar 9, 2026

    CVE-2026-3730: SQL Injection in itsourcecode Free Hotel

    A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the amenities admin...

  • SecurityMar 9, 2026

    CVE-2026-3740: SQL Injection in itsourcecode University

    A high-severity SQL injection vulnerability has been disclosed in itsourcecode University Management System 1.0, allowing remote attackers to execute...

  • SecurityMar 9, 2026

    CVE-2026-3746: SQL Injection in SourceCodester Simple

    A remotely exploitable SQL injection vulnerability has been disclosed in SourceCodester Simple Responsive Tourism Website 1.0, allowing attackers to...

  • SecurityMar 7, 2026

    CVE-2018-25165: SQL Injection Disclosed in Galaxy Forces MMORPG

    A SQL injection vulnerability in Galaxy Forces MMORPG version 0.5.8 has been formally catalogued by NVD, enabling authenticated attackers to extract...

  • SecurityFeb 6, 2026

    Critical Fortinet FortiClientEMS SQL Injection

    Fortinet patches a CVSS 9.8 SQL injection in FortiClientEMS 7.4.4 allowing unauthenticated remote code execution. Endpoint management servers across...