Total: 18107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27832 | 1 Intermesh | 1 Group-office | 2026-03-04 | N/A | 8.8 HIGH |
| Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on an authenticated endpoint. The endpoint `index.php?r=email/template/emailSelection` processes `advancedQueryData` and forwards the SQL comparator without a strict allowlist into SQL condition building. This enables blind boolean-based exfiltration of the `core_auth_password` table. Versions 26.0.8, 25.0.87, and 6.8.153 fix the issue. | |||||
| CVE-2026-3486 | 1 Angeljudesuarez | 1 College Management System | 2026-03-04 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Manipulation of the argument roll_no leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-26890 | 1 Oretnom23 | 1 Pharmacy Point Of Sale System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. | |||||
| CVE-2026-26885 | 1 Oretnom23 | 1 Simple Online Men's Salon Management System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | |||||
| CVE-2026-26884 | 1 Oretnom23 | 1 Simple Online Men's Salon Management System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | |||||
| CVE-2026-26883 | 1 Oretnom23 | 1 Simple Online Men's Salon Management System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. | |||||
| CVE-2026-26887 | 1 Oretnom23 | 1 Pharmacy Point Of Sale System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. | |||||
| CVE-2026-26888 | 1 Oretnom23 | 1 Pharmacy Point Of Sale System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. | |||||
| CVE-2026-26889 | 1 Oretnom23 | 1 Pharmacy Point Of Sale System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. | |||||
| CVE-2026-26891 | 1 Oretnom23 | 1 Simple Logistic Hub Parcel's Management System | 2026-03-04 | N/A | 2.7 LOW |
| Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. | |||||
| CVE-2026-27497 | 1 N8n | 1 N8n | 2026-03-04 | N/A | 8.8 HIGH |
| n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. | |||||
| CVE-2019-25495 | 1 Oscommerce | 1 Oscommerce | 2026-03-04 | N/A | 8.2 HIGH |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information. | |||||
| CVE-2019-25496 | 1 Oscommerce | 1 Oscommerce | 2026-03-04 | N/A | 8.2 HIGH |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information. | |||||
| CVE-2019-25497 | 1 Oscommerce | 1 Oscommerce | 2026-03-04 | N/A | 8.2 HIGH |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information. | |||||
| CVE-2026-1487 | | | 2026-03-03 | N/A | 6.5 MEDIUM |
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary SQL queries on the database that can be used to extract information via time-based techniques, drop tables, or modify data. | |||||
| CVE-2026-26707 | 1 Oretnom23 | 1 Pharmacy Point Of Sale System | 2026-03-03 | N/A | 9.8 CRITICAL |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php. | |||||
| CVE-2026-26706 | 1 Oretnom23 | 1 Pharmacy Point Of Sale System | 2026-03-03 | N/A | 9.8 CRITICAL |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php. | |||||
| CVE-2026-26703 | 1 Jon-remus-sevellejo | 1 Personnel Property Equipment System | 2026-03-03 | N/A | 9.8 CRITICAL |
| Sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php. | |||||
| CVE-2026-26702 | 1 Jon-remus-sevellejo | 1 Personnel Property Equipment System | 2026-03-03 | N/A | 9.8 CRITICAL |
| Sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. | |||||
| CVE-2026-26701 | 1 Jon-remus-sevellejo | 1 Personnel Property Equipment System | 2026-03-03 | N/A | 9.8 CRITICAL |
| Sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php. | |||||
