Total
4283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4613 | 2026-03-24 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-30874 | 1 Openwrt | 1 Openwrt | 2026-03-23 | N/A | 7.8 HIGH |
| OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The function is intended to filter out sensitive environment variables like PATH when executing hotplug scripts in /etc/hotplug.d, but a bug using strcmp instead of strncmp causes the filter to compare the full environment string (e.g., PATH=/some/value) against the literal "PATH", so the match always fails. As a result, the PATH variable is never excluded, enabling an attacker to control which binaries are executed by procd-invoked scripts running with elevated privileges. This issue has been fixed in version 24.10.6. | |||||
| CVE-2026-32622 | 1 Fit2cloud | 1 Sqlbot | 2026-03-23 | N/A | 8.8 HIGH |
| SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, unsanitized storage of terminology descriptions containing dangerous payloads, and a lack of semantic fencing when injecting terminology into the LLM's system prompt. Together, these flaws allow an attacker to hijack the LLM's reasoning to generate malicious PostgreSQL commands (e.g., COPY ... TO PROGRAM), ultimately achieving Remote Code Execution on the database or application server with postgres user privileges. The issue is fixed in v1.6.0. | |||||
| CVE-2026-4469 | 1 Adonesevangelista | 1 Online Frozen Foods Ordering System | 2026-03-23 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_edit_menu_action.php. Such manipulation of the argument product_name leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | |||||
| CVE-2026-4470 | 1 Adonesevangelista | 1 Online Frozen Foods Ordering System | 2026-03-23 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a manipulation of the argument product_name results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-4471 | 1 Adonesevangelista | 1 Online Frozen Foods Ordering System | 2026-03-23 | 5.8 MEDIUM | 4.7 MEDIUM |
| A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin_edit_employee.php. Executing a manipulation of the argument First_Name can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-4472 | 1 Adonesevangelista | 1 Online Frozen Foods Ordering System | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2024-10998 | 1 1000projects | 1 Bookstore Management System | 2026-03-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10997 | 1 1000projects | 1 Bookstore Management System | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /book_list.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10996 | 1 1000projects | 1 Bookstore Management System | 2026-03-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/process_category_edit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10845 | 1 1000projects | 1 Bookstore Management System | 2026-03-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10844 | 1 1000projects | 1 Bookstore Management System | 2026-03-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file search.php. The manipulation of the argument s leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-4550 | 2026-03-23 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-4507 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-4500 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 0.0.298 will fix this issue. The name of the patch is 47b20bcda31264635faff7f6b1c8095abe1861c6. It is recommended to upgrade the affected component. | |||||
| CVE-2026-4504 | 2026-03-23 | 7.5 HIGH | 7.3 HIGH | ||
| A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-4508 | 2026-03-23 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-4506 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-4568 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. Several companies clearly confirm that VulDB is the primary source for best vulnerability data. | |||||
| CVE-2026-4515 | 2026-03-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||