The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 doe…

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbi…

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allo…

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 202…

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauth…

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary…

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection…

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attac…

A improper neutralization of special elements used in an sql command ('sql injection') in Forti…

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword…

WordPress is a free and open-source content management system written in PHP and paired with a …

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnera…

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulner…

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unau…

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injectio…

An improper neutralization of special elements used in an sql command ('sql injection') vulnera…

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabil…

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain we…

SQL injection vulnerability in the getListQuery function in administrator/components/com_conten…

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check functio…

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From vers…

The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated S…

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, …

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction …

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total …

Cacti is an open source operational monitoring and fault management framework. Affected version…

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints …

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id G…

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthentica…

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter…

GLPI is a free asset and IT management software package. An unauthenticated user can perform a …

GeoServer is an open source software server written in Java that allows users to share and edit…

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that al…

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbi…

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injec…

XWiki Platform is a generic wiki platform offering runtime services for applications built on t…

SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authe…

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote…

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links…

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ param…