Total
18003 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3486 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-03-04 | 4.7 Medium |
| A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-48650 | 1 Google | 1 Android | 2026-03-04 | 8.4 High |
| In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-26891 | 1 Oretnom23 | 1 Simple Logistic Hub Parcel\'s Management System | 2026-03-04 | 2.7 Low |
| Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. | ||||
| CVE-2026-27497 | 1 N8n | 1 N8n | 2026-03-04 | 8.8 High |
| n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. | ||||
| CVE-2026-1487 | 2026-03-03 | 6.5 Medium | ||
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary SQL queries on the database that can be used to extract information via time-based techniques, drop tables, or modify data. | ||||
| CVE-2026-26707 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php. | ||||
| CVE-2026-26706 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php. | ||||
| CVE-2026-26703 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-03-03 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php. | ||||
| CVE-2026-26702 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-03-03 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. | ||||
| CVE-2026-26701 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-03-03 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php. | ||||
| CVE-2026-26700 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-03-03 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. | ||||
| CVE-2026-3406 | 1 Projectworlds | 2 Online Art Gallery, Online Art Gallery Shop | 2026-03-03 | 7.3 High |
| A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3410 | 2 Angeljudesuarez, Itsourcecode | 2 Society Management System, Society Management System | 2026-03-03 | 7.3 High |
| A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation of the argument student_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3411 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-03 | 7.3 High |
| A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3413 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-03 | 7.3 High |
| A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-26694 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php. | ||||
| CVE-2026-26698 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-03-03 | 4.9 Medium |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. | ||||
| CVE-2026-26697 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-03-03 | 4.9 Medium |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. | ||||
| CVE-2025-50190 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 9.8 Critical |
| Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50191 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 7.2 High |
| Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30. | ||||