Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
WP CTA <= 2.2.2 - Unauthenticated Time-Based Blind SQL Injection via 'fildname' Parameter
Catalyst Connect Zoho CRM Client Portal <= 2.2.0 - Authenticated (Administrator+) SQL Injection via uid Parameter
Booking Package <= 1.7.20 - Unauthenticated SQL Injection via 'email' Form Parameter
KiviCare <= 4.5.0 - Authenticated (Doctor+) SQL Injection via 'orderby' Parameter in KCQueryBuilder
Majestic Support <= 1.1.9 - Authenticated (Subscriber+) SQL Injection via 'val' Parameter
KiviCare <= 4.5.0 - Authenticated (Doctor+) SQL Injection via 'orderby' Parameter in DoctorSessionController
Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072
Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062
Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE
OpenReplay: Authenticated ClickHouse SQL injection via session search
LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
GLPI DataInjection Plugin Authenticated SQL Injection via CSV Import
Dify < 1.16.0-rc1 SQL Injection via MyScale Vector Store search_by_full_text
SQLi in Semtek Informatics' SEM-PMP
Coturn: SQL Injection in HTTPS Admin Panel Delete Operations
SQLi in AdamPOS' MobilMen 20T
grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation
Dell PowerFlex Manager, Version prior to 5
Dell PowerFlex Manager, Version prior to 5
SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
Showing 1 - 20 of 1,000+ results