Skip to main content

SQLi

15171 CVEs technique

Monthly

CVE-2019-25520 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25519 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2019-25518 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. [CVSS 8.2 HIGH]

PHP SQLi Information Disclosure Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25517 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25516 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25515 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. [CVSS 7.5 HIGH]

PHP Authentication Bypass SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2019-25514 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]

PHP SQLi Information Disclosure Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25513 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25512 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2019-25511 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25510 HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Php Stock News Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25509 HIGH POC This Week

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25508 HIGH POC This Week

Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Ready Advertisement Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25488 HIGH POC This Week

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. [CVSS 8.2 HIGH]

PHP SQLi Denial Of Service Php Ready Rent A Car Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25482 HIGH POC This Week

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Ready Rent A Car Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25481 HIGH POC This Week

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25479 HIGH POC This Week

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25473 HIGH POC This Week

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. [CVSS 7.1 HIGH]

SQLi
NVD Exploit-DB VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-4014 MEDIUM This Month

SQL injection in the registration module of itsourcecode Cafe Reservation System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, which provides attackers with potential access to sensitive data and database manipulation capabilities. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3981 MEDIUM This Month

SQL injection in itsourcecode Online Doctor Appointment System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/doctor_action.php, potentially gaining unauthorized access to sensitive data and modifying database records. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3980 MEDIUM This Month

SQL injection in the Online Doctor Appointment System 1.0 admin panel allows unauthenticated remote attackers to manipulate the patient_id parameter and execute arbitrary database queries. The vulnerability affects the /admin/patient_action.php file and enables attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3657 HIGH This Week

Unauthenticated SQL injection in WordPress My Sticky Bar plugin versions up to 2.8.6 allows attackers to extract database contents through crafted AJAX requests that exploit unsanitized parameter names in SQL INSERT statements. The vulnerability enables blind time-based data exfiltration despite sanitization of parameter values, affecting all users of the vulnerable plugin. No patch is currently available.

WordPress SQLi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3969 MEDIUM This Month

FeMiner WMS versions up to 1.0 contain a SQL injection vulnerability in the department addition module that allows unauthenticated remote attackers to manipulate the Name parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise the confidentiality, integrity, and availability of the underlying database.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3957 LOW Monitor

SQL injection in the weimai-wetapp HomeController endpoint allows remote attackers with high privileges to manipulate the cat parameter and execute arbitrary database queries, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the development team has not yet responded to the early disclosure notification. A patch is not currently available.

Java SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3956 LOW Monitor

SQL injection in the Admin_AdminUserController of weimai-wetapp allows remote attackers with high privileges to manipulate the keyword parameter and execute arbitrary SQL queries, potentially leading to unauthorized data access and modification. Public exploit code exists for this vulnerability, though no patch is currently available. The vulnerability affects Java-based deployments using affected versions of the weimai-wetapp project.

Java SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-32127 HIGH This Week

OpenEMR versions prior to 8.0.0.1 contain a SQL injection vulnerability in the ajax graphs library that allows authenticated users to execute arbitrary database queries, potentially leading to complete compromise of patient health records and system data. The vulnerability stems from insufficient input validation and requires valid credentials to exploit, but poses a critical risk given the sensitive nature of healthcare data stored in OpenEMR systems. No patch is currently available for affected versions.

SQLi Openemr
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-70024 CRITICAL Act Now

SQL injection in generatedata 4.0.14.

SQLi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32234 npm MEDIUM PATCH This Month

### Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a `$regex` query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level. This vulnerability only affects Parse Server deployments using PostgreSQL. ### Patches The fix applies proper SQL identifier escaping to field names in the query handler and hardens query field name validation to reject malicious field names for all query types. ### Workarounds There is no known workaround. ### References - GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6 - Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10 - Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.36

Node.js PostgreSQL SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31896 CRITICAL Act Now

SQL injection in WeGIA before 3.6.6.

PHP SQLi Denial Of Service Information Disclosure Wegia
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31895 HIGH This Week

WeGIA is a web manager for charitable institutions. versions up to 3.6.6 is affected by sql injection (CVSS 8.8).

PHP SQLi Wegia
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31877 CRITICAL Act Now

SQL injection in Frappe framework before 15.84.0/14.99.0.

SQLi Frappe
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2019-25486 HIGH POC This Week

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2026-31871 npm CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31. Third Parse Server SQLi.

Node.js PostgreSQL SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31858 PHP HIGH PATCH This Week

SQL injection in Craft CMS ElementSearchController allows authenticated control panel users to execute arbitrary SQL queries and extract complete database contents through the criteria[where] and criteria[orderBy] parameters. The vulnerability exists because a previous SQL injection fix applied to ElementIndexesController was never implemented in this endpoint. An attacker with any control panel user account can exploit this via boolean-based blind injection without requiring administrative privileges.

SQLi Craft Cms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31856 npm CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31.

Node.js PostgreSQL SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31840 npm CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.2/8.6.28.

Node.js PostgreSQL SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3496 HIGH This Week

Unauthenticated attackers can exploit SQL injection in the JetBooking WordPress plugin through the check_in_date parameter to extract sensitive database information, affecting all versions up to 4.0.3. The vulnerability exists due to insufficient input escaping and unprepared SQL statements. No patch is currently available.

WordPress SQLi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3944 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the Name parameter in /att_add.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-1708 HIGH This Week

Simply Schedule Appointments Booking Plugin versions up to 1.6.9.27. is affected by sql injection (CVSS 7.5).

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-14025 MEDIUM This Month

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands.

SQLi Video Station
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-31844 HIGH This Week

SQL injection in the Koha library management system's staff interface allows authenticated users to manipulate the displayby parameter in suggestion.pl, enabling arbitrary SQL query execution against the backend database. Low-privileged staff members can exploit this vulnerability to extract sensitive data or modify database contents without additional privileges. No patch is currently available to remediate this high-severity vulnerability.

SQLi Koha
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-3222 HIGH This Week

Unauthenticated attackers can exploit a time-based blind SQL injection in the WP Maps plugin for WordPress (versions up to 4.9.1) through the location_id parameter in the wpgmp_ajax_call AJAX handler to extract sensitive database information. The vulnerability stems from improper input validation that allows backtick-wrapped user input to bypass SQL escaping functions. No patch is currently available, leaving all affected WordPress installations at risk of data disclosure.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-2413 HIGH POC This Week

Unauthenticated attackers can extract sensitive database information from WordPress sites running the Ally plugin (versions up to 4.0.3) through SQL injection in the URL parameter handling of the Remediation module. The vulnerability exists because user input is insufficiently sanitized before being concatenated into SQL queries, allowing time-based blind SQL injection attacks despite URL escaping being applied. No patch is currently available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-31825 PHP MEDIUM PATCH This Month

Sylius eCommerce Framework versions prior to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 are vulnerable to DQL injection through the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API endpoints, which fail to validate user-supplied order direction parameters before passing them to Doctrine. An unauthenticated remote attacker can inject arbitrary DQL queries to read sensitive data from the application database. No patch is currently available for this medium-severity vulnerability.

SQLi Sylius
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30951 npm HIGH PATCH This Week

SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive data by manipulating JSON object keys in WHERE clause operations. The vulnerability stems from improper sanitization of cast type parameters in the _traverseJSON() function, which directly interpolates user-controlled input into CAST SQL statements. Node.js applications using affected Sequelize versions are at risk of complete database compromise.

Node.js SQLi Sequelize
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29174 PHP HIGH POC PATCH This Week

Craft Commerce versions prior to 5.5.3 contain an SQL injection vulnerability in the inventory levels endpoint where sort parameters are improperly sanitized, allowing authenticated users with Commerce Inventory access to execute arbitrary database queries. Public exploit code exists for this vulnerability, which could enable complete database compromise. Update to version 5.5.3 or later to resolve this high-severity issue.

SQLi Craft Commerce
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-29172 PHP HIGH POC PATCH This Week

SQL injection in Craft Commerce's purchasables endpoint allows authenticated attackers to manipulate the sort parameter and execute arbitrary SQL queries via the unvalidated ORDER BY clause. Versions prior to 4.10.2 and 5.5.3 are vulnerable, with public exploit code available. An attacker with valid credentials can extract sensitive database information or modify data without additional user interaction.

SQLi Craft Commerce
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3843 CRITICAL Act Now

Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.

PHP RCE SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-30941 npm HIGH PATCH This Week

NoSQL injection in Parse Server's password reset and email verification endpoints allows unauthenticated attackers to extract authentication tokens by injecting MongoDB query operators through the unvalidated token parameter. Affected deployments running MongoDB with these features enabled are vulnerable to email verification bypass and password reset token theft. The vulnerability is fixed in versions 8.6.14 and 9.5.2-alpha.1.

Node.js MongoDB SQLi Parse Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30930 PyPI HIGH PATCH This Week

SQL injection in Glances TimescaleDB export module allows local attackers to execute arbitrary SQL commands against the monitoring database. The vulnerability stems from unsafe string concatenation when constructing queries with system monitoring data (process names, mount points, network interfaces, container names). Proof-of-concept exploit code exists (CVSS E:P). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation activity. Vendor-released patch available in version 4.5.1.

SQLi Glances
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-26116 HIGH PATCH This Week

Authenticated users can exploit SQL injection vulnerabilities in SQL Server 2016-2025 to escalate privileges and gain unauthorized access across the network. This high-severity flaw (CVSS 8.8) affects multiple SQL Server versions with no available patch, allowing attackers with valid credentials to manipulate SQL commands and compromise system integrity. Organizations running these affected versions should implement network segmentation and monitor for suspicious database activity until a patch is released.

SQLi Sql Server 2022 Sql Server 2025 Sql Server 2016 Sql Server 2019 +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-56421 PHP HIGH PATCH This Week

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. [CVSS 7.5 HIGH]

SQLi Limesurvey
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-49784 MEDIUM This Month

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. [CVSS 6.0 MEDIUM]

Fortinet SQLi Fortianalyzer Big Data Fortianalyzer
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-27684 MEDIUM This Month

SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.

SAP SQLi
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-3818 MEDIUM This Month

SQL injection in Tiandy Easy7 CMS 7.17.0 allows unauthenticated remote attackers to manipulate the strTBName parameter in GetDBData.jsp, potentially accessing or modifying sensitive database information. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SQLi Microsoft
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-40639 CRITICAL Act Now

SQL injection in Eventobot event management application allows unauthenticated attackers to perform complete database operations including data retrieval, creation, update, and deletion.

PHP SQLi Eventobot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3806 LOW POC Monitor

SourceCodester Resort Reservation System 1.0 contains SQL injection in the /room_rates.php endpoint via the q parameter, allowing authenticated remote attackers to execute arbitrary database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be performed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3793 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 via the sellid GET parameter in sales_invoice1.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can suffer data exposure, modification, or loss depending on database permissions.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3792 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to manipulate the purchaseid parameter in purchase_invoice.php, enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3791 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated attackers to execute arbitrary SQL queries through the searchtxt parameter in dashboard.php. Public exploit code exists for this vulnerability, enabling remote exploitation by users with login credentials to read, modify, or delete database contents. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3790 LOW POC Monitor

Sales And Inventory System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3786 LOW POC Monitor

SQL injection in EasyCMS up to version 1.6 via the _order parameter in the Request Parameter Handler allows authenticated remote attackers to execute arbitrary SQL queries with medium impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3785 LOW POC Monitor

SQL injection in EasyCMS versions up to 1.6 via the _order parameter in the Request Parameter Handler allows remote attackers with valid credentials to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification. The attack requires low complexity and can result in unauthorized data access, modification, and potential service disruption.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3771 LOW POC Monitor

SQL injection in SourceCodester Resort Reservation System 1.0 via the q parameter in /accommodation.php allows remote authenticated attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could extract or modify sensitive reservation and user data.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3767 LOW POC Monitor

College Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3765 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the dt parameter in /att_single_view.php enables remote attackers to execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The attack affects data confidentiality, integrity, and availability with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3760 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the seme parameter in /view_result.php allows unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3759 MEDIUM POC This Month

SQL injection in projectworlds Online Art Gallery Shop 1.0 via the reach_nm parameter in /admin/adminHome.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available for affected installations.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3758 MEDIUM POC This Month

SQL injection in projectworlds Online Art Gallery Shop 1.0 allows unauthenticated remote attackers to manipulate the Info parameter in /admin/adminHome.php, potentially enabling unauthorized database access and data theft. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement compensating controls or upgrade to a patched version when released.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3757 MEDIUM POC This Month

SQL injection in projectworlds Online Art Gallery Shop 1.0 allows unauthenticated remote attackers to manipulate the fnm parameter via the /?pass=1 endpoint, potentially enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

SQLi Online Art Gallery Shop
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3756 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System up to version 1.0 allows authenticated remote attackers to manipulate the stock_name1 parameter in /check_item_details.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but could enable data disclosure, modification, or deletion within the affected system.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3755 LOW POC Monitor

Sales And Inventory System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3754 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 via the cost parameter in /add_stock.php enables authenticated attackers to manipulate database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can result in unauthorized data access and modification.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3753 LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System versions up to 1.0 via the sid parameter in /add_sales_print.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive inventory and sales data.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3752 LOW POC Monitor

SourceCodester Employee Task Management System through version 1.0 contains a SQL injection vulnerability in the /daily-task-report.php GET parameter handler that allows remote attackers with high privileges to extract or manipulate database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access but no user interaction, potentially compromising sensitive employee task data and system integrity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3751 LOW POC Monitor

SQL injection in SourceCodester Employee Task Management System 1.0 allows remote attackers to manipulate the Date parameter in /daily-attendance-report.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3747 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the subject parameter in /add_result.php enables remote attackers to execute arbitrary database queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data exfiltration, modification, or deletion through unauthenticated network-based attacks.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3746 MEDIUM POC This Month

SQL injection in SourceCodester Simple Responsive Tourism Website 1.0 via the Username parameter in the Login.php component enables unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify application state. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems exposed to active exploitation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-3745 LOW POC Monitor

SQL injection in Student Web Portal 1.0's profile.php allows authenticated attackers to execute arbitrary SQL queries through improper input validation on the User parameter, potentially leading to unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-3744 MEDIUM POC This Month

SQL injection in Student Web Portal 1.0's signup.php password validation function allows unauthenticated remote attackers to manipulate database queries through the reg_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable unauthorized data access, modification, or deletion.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3740 MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 allows remote attackers to manipulate the admin_search_student parameter in /admin_search_student.php without authentication, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3736 MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's SearchResultRoundtrip.php parameter handling enables unauthenticated remote attackers to manipulate database queries and potentially extract, modify, or delete sensitive data. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3735 MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0 allows unauthenticated remote attackers to manipulate the SearchResultOneway.php input parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network, enabling attackers to read, modify, or delete sensitive flight booking data.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3730 MEDIUM POC This Month

SQL injection in Free Hotel Reservation System 1.0 allows remote attackers to manipulate the amen_id and rmtype_id parameters in the amenities management interface, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects PHP-based installations and requires no authentication or user interaction to exploit.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3723 MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's /Admindelete.php endpoint allows unauthenticated remote attackers to manipulate the flightno parameter and execute arbitrary database queries, potentially leading to data theft or modification. Public exploit code is available for this vulnerability, and no patch has been released as of now.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3711 LOW POC Monitor

SQL injection in Simple Flight Ticket Booking System 1.0's admin update function allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative credentials but could enable data exfiltration or modification of flight booking records.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3710 LOW POC Monitor

SQL injection in Simple Flight Ticket Booking System 1.0's /Adminadd.php allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary SQL queries, potentially compromising flight booking data. Public exploit code exists for this vulnerability, though patches are not yet available. The attack requires administrative credentials but can be exploited over the network without user interaction.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3709 MEDIUM POC This Month

Simple Flight Ticket Booking System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3708 MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's login functionality allows unauthenticated attackers to manipulate the Username parameter and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. PHP installations running the affected application should be isolated until a security patch becomes available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3705 MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0 via the flightno parameter in /Adminsearch.php allows unauthenticated remote attackers to query or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should immediately restrict access to the admin search functionality or upgrade if a patched version becomes available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. [CVSS 8.2 HIGH]

PHP SQLi Information Disclosure +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. [CVSS 7.5 HIGH]

PHP Authentication Bypass SQLi +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]

PHP SQLi Information Disclosure +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Stock News Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Ready Advertisement Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. [CVSS 8.2 HIGH]

PHP SQLi Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Ready Rent A Car Site Script
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.1
HIGH POC This Week

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. [CVSS 7.1 HIGH]

SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in the registration module of itsourcecode Cafe Reservation System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, which provides attackers with potential access to sensitive data and database manipulation capabilities. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in itsourcecode Online Doctor Appointment System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/doctor_action.php, potentially gaining unauthorized access to sensitive data and modifying database records. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in the Online Doctor Appointment System 1.0 admin panel allows unauthenticated remote attackers to manipulate the patient_id parameter and execute arbitrary database queries. The vulnerability affects the /admin/patient_action.php file and enables attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated SQL injection in WordPress My Sticky Bar plugin versions up to 2.8.6 allows attackers to extract database contents through crafted AJAX requests that exploit unsanitized parameter names in SQL INSERT statements. The vulnerability enables blind time-based data exfiltration despite sanitization of parameter values, affecting all users of the vulnerable plugin. No patch is currently available.

WordPress SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

FeMiner WMS versions up to 1.0 contain a SQL injection vulnerability in the department addition module that allows unauthenticated remote attackers to manipulate the Name parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise the confidentiality, integrity, and availability of the underlying database.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

SQL injection in the weimai-wetapp HomeController endpoint allows remote attackers with high privileges to manipulate the cat parameter and execute arbitrary database queries, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the development team has not yet responded to the early disclosure notification. A patch is not currently available.

Java SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

SQL injection in the Admin_AdminUserController of weimai-wetapp allows remote attackers with high privileges to manipulate the keyword parameter and execute arbitrary SQL queries, potentially leading to unauthorized data access and modification. Public exploit code exists for this vulnerability, though no patch is currently available. The vulnerability affects Java-based deployments using affected versions of the weimai-wetapp project.

Java SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

OpenEMR versions prior to 8.0.0.1 contain a SQL injection vulnerability in the ajax graphs library that allows authenticated users to execute arbitrary database queries, potentially leading to complete compromise of patient health records and system data. The vulnerability stems from insufficient input validation and requires valid credentials to exploit, but poses a critical risk given the sensitive nature of healthcare data stored in OpenEMR systems. No patch is currently available for affected versions.

SQLi Openemr
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in generatedata 4.0.14.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

### Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a `$regex` query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level. This vulnerability only affects Parse Server deployments using PostgreSQL. ### Patches The fix applies proper SQL identifier escaping to field names in the query handler and hardens query field name validation to reject malicious field names for all query types. ### Workarounds There is no known workaround. ### References - GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6 - Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10 - Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.36

Node.js PostgreSQL SQLi +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in WeGIA before 3.6.6.

PHP SQLi Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

WeGIA is a web manager for charitable institutions. versions up to 3.6.6 is affected by sql injection (CVSS 8.8).

PHP SQLi Wegia
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Frappe framework before 15.84.0/14.99.0.

SQLi Frappe
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31. Third Parse Server SQLi.

Node.js PostgreSQL SQLi +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in Craft CMS ElementSearchController allows authenticated control panel users to execute arbitrary SQL queries and extract complete database contents through the criteria[where] and criteria[orderBy] parameters. The vulnerability exists because a previous SQL injection fix applied to ElementIndexesController was never implemented in this endpoint. An attacker with any control panel user account can exploit this via boolean-based blind injection without requiring administrative privileges.

SQLi Craft Cms
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31.

Node.js PostgreSQL SQLi +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection in Parse Server before 9.6.0-alpha.2/8.6.28.

Node.js PostgreSQL SQLi +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can exploit SQL injection in the JetBooking WordPress plugin through the check_in_date parameter to extract sensitive database information, affecting all versions up to 4.0.3. The vulnerability exists due to insufficient input escaping and unprepared SQL statements. No patch is currently available.

WordPress SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the Name parameter in /att_add.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Simply Schedule Appointments Booking Plugin versions up to 1.6.9.27. is affected by sql injection (CVSS 7.5).

WordPress SQLi
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands.

SQLi Video Station
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

SQL injection in the Koha library management system's staff interface allows authenticated users to manipulate the displayby parameter in suggestion.pl, enabling arbitrary SQL query execution against the backend database. Low-privileged staff members can exploit this vulnerability to extract sensitive data or modify database contents without additional privileges. No patch is currently available to remediate this high-severity vulnerability.

SQLi Koha
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can exploit a time-based blind SQL injection in the WP Maps plugin for WordPress (versions up to 4.9.1) through the location_id parameter in the wpgmp_ajax_call AJAX handler to extract sensitive database information. The vulnerability stems from improper input validation that allows backtick-wrapped user input to bypass SQL escaping functions. No patch is currently available, leaving all affected WordPress installations at risk of data disclosure.

WordPress SQLi
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Unauthenticated attackers can extract sensitive database information from WordPress sites running the Ally plugin (versions up to 4.0.3) through SQL injection in the URL parameter handling of the Remediation module. The vulnerability exists because user input is insufficiently sanitized before being concatenated into SQL queries, allowing time-based blind SQL injection attacks despite URL escaping being applied. No patch is currently available.

WordPress SQLi
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Sylius eCommerce Framework versions prior to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 are vulnerable to DQL injection through the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API endpoints, which fail to validate user-supplied order direction parameters before passing them to Doctrine. An unauthenticated remote attacker can inject arbitrary DQL queries to read sensitive data from the application database. No patch is currently available for this medium-severity vulnerability.

SQLi Sylius
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive data by manipulating JSON object keys in WHERE clause operations. The vulnerability stems from improper sanitization of cast type parameters in the _traverseJSON() function, which directly interpolates user-controlled input into CAST SQL statements. Node.js applications using affected Sequelize versions are at risk of complete database compromise.

Node.js SQLi Sequelize
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Craft Commerce versions prior to 5.5.3 contain an SQL injection vulnerability in the inventory levels endpoint where sort parameters are improperly sanitized, allowing authenticated users with Commerce Inventory access to execute arbitrary database queries. Public exploit code exists for this vulnerability, which could enable complete database compromise. Update to version 5.5.3 or later to resolve this high-severity issue.

SQLi Craft Commerce
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

SQL injection in Craft Commerce's purchasables endpoint allows authenticated attackers to manipulate the sort parameter and execute arbitrary SQL queries via the unvalidated ORDER BY clause. Versions prior to 4.10.2 and 5.5.3 are vulnerable, with public exploit code available. An attacker with valid credentials can extract sensitive database information or modify data without additional user interaction.

SQLi Craft Commerce
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.

PHP RCE SQLi
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

NoSQL injection in Parse Server's password reset and email verification endpoints allows unauthenticated attackers to extract authentication tokens by injecting MongoDB query operators through the unvalidated token parameter. Affected deployments running MongoDB with these features enabled are vulnerable to email verification bypass and password reset token theft. The vulnerability is fixed in versions 8.6.14 and 9.5.2-alpha.1.

Node.js MongoDB SQLi +1
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

SQL injection in Glances TimescaleDB export module allows local attackers to execute arbitrary SQL commands against the monitoring database. The vulnerability stems from unsafe string concatenation when constructing queries with system monitoring data (process names, mount points, network interfaces, container names). Proof-of-concept exploit code exists (CVSS E:P). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation activity. Vendor-released patch available in version 4.5.1.

SQLi Glances
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated users can exploit SQL injection vulnerabilities in SQL Server 2016-2025 to escalate privileges and gain unauthorized access across the network. This high-severity flaw (CVSS 8.8) affects multiple SQL Server versions with no available patch, allowing attackers with valid credentials to manipulate SQL commands and compromise system integrity. Organizations running these affected versions should implement network segmentation and monitor for suspicious database activity until a patch is released.

SQLi Sql Server 2022 Sql Server 2025 +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. [CVSS 7.5 HIGH]

SQLi Limesurvey
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. [CVSS 6.0 MEDIUM]

Fortinet SQLi Fortianalyzer Big Data +1
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.

SAP SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in Tiandy Easy7 CMS 7.17.0 allows unauthenticated remote attackers to manipulate the strTBName parameter in GetDBData.jsp, potentially accessing or modifying sensitive database information. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SQLi Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Eventobot event management application allows unauthenticated attackers to perform complete database operations including data retrieval, creation, update, and deletion.

PHP SQLi Eventobot
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SourceCodester Resort Reservation System 1.0 contains SQL injection in the /room_rates.php endpoint via the q parameter, allowing authenticated remote attackers to execute arbitrary database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be performed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 via the sellid GET parameter in sales_invoice1.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can suffer data exposure, modification, or loss depending on database permissions.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to manipulate the purchaseid parameter in purchase_invoice.php, enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated attackers to execute arbitrary SQL queries through the searchtxt parameter in dashboard.php. Public exploit code exists for this vulnerability, enabling remote exploitation by users with login credentials to read, modify, or delete database contents. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Sales And Inventory System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in EasyCMS up to version 1.6 via the _order parameter in the Request Parameter Handler allows authenticated remote attackers to execute arbitrary SQL queries with medium impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in EasyCMS versions up to 1.6 via the _order parameter in the Request Parameter Handler allows remote attackers with valid credentials to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification. The attack requires low complexity and can result in unauthorized data access, modification, and potential service disruption.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Resort Reservation System 1.0 via the q parameter in /accommodation.php allows remote authenticated attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could extract or modify sensitive reservation and user data.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

College Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the dt parameter in /att_single_view.php enables remote attackers to execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The attack affects data confidentiality, integrity, and availability with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the seme parameter in /view_result.php allows unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in projectworlds Online Art Gallery Shop 1.0 via the reach_nm parameter in /admin/adminHome.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available for affected installations.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in projectworlds Online Art Gallery Shop 1.0 allows unauthenticated remote attackers to manipulate the Info parameter in /admin/adminHome.php, potentially enabling unauthorized database access and data theft. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement compensating controls or upgrade to a patched version when released.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in projectworlds Online Art Gallery Shop 1.0 allows unauthenticated remote attackers to manipulate the fnm parameter via the /?pass=1 endpoint, potentially enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

SQLi Online Art Gallery Shop
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System up to version 1.0 allows authenticated remote attackers to manipulate the stock_name1 parameter in /check_item_details.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but could enable data disclosure, modification, or deletion within the affected system.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Sales And Inventory System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System 1.0 via the cost parameter in /add_stock.php enables authenticated attackers to manipulate database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can result in unauthorized data access and modification.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Sales and Inventory System versions up to 1.0 via the sid parameter in /add_sales_print.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive inventory and sales data.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SourceCodester Employee Task Management System through version 1.0 contains a SQL injection vulnerability in the /daily-task-report.php GET parameter handler that allows remote attackers with high privileges to extract or manipulate database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access but no user interaction, potentially compromising sensitive employee task data and system integrity.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in SourceCodester Employee Task Management System 1.0 allows remote attackers to manipulate the Date parameter in /daily-attendance-report.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 via the subject parameter in /add_result.php enables remote attackers to execute arbitrary database queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data exfiltration, modification, or deletion through unauthenticated network-based attacks.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in SourceCodester Simple Responsive Tourism Website 1.0 via the Username parameter in the Login.php component enables unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify application state. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems exposed to active exploitation.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Student Web Portal 1.0's profile.php allows authenticated attackers to execute arbitrary SQL queries through improper input validation on the User parameter, potentially leading to unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Student Web Portal 1.0's signup.php password validation function allows unauthenticated remote attackers to manipulate database queries through the reg_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable unauthorized data access, modification, or deletion.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode University Management System 1.0 allows remote attackers to manipulate the admin_search_student parameter in /admin_search_student.php without authentication, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's SearchResultRoundtrip.php parameter handling enables unauthenticated remote attackers to manipulate database queries and potentially extract, modify, or delete sensitive data. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0 allows unauthenticated remote attackers to manipulate the SearchResultOneway.php input parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network, enabling attackers to read, modify, or delete sensitive flight booking data.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Free Hotel Reservation System 1.0 allows remote attackers to manipulate the amen_id and rmtype_id parameters in the amenities management interface, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects PHP-based installations and requires no authentication or user interaction to exploit.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's /Admindelete.php endpoint allows unauthenticated remote attackers to manipulate the flightno parameter and execute arbitrary database queries, potentially leading to data theft or modification. Public exploit code is available for this vulnerability, and no patch has been released as of now.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in Simple Flight Ticket Booking System 1.0's admin update function allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative credentials but could enable data exfiltration or modification of flight booking records.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in Simple Flight Ticket Booking System 1.0's /Adminadd.php allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary SQL queries, potentially compromising flight booking data. Public exploit code exists for this vulnerability, though patches are not yet available. The attack requires administrative credentials but can be exploited over the network without user interaction.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Simple Flight Ticket Booking System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's login functionality allows unauthenticated attackers to manipulate the Username parameter and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. PHP installations running the affected application should be isolated until a security patch becomes available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0 via the flightno parameter in /Adminsearch.php allows unauthenticated remote attackers to query or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should immediately restrict access to the admin search functionality or upgrade if a patched version becomes available.

PHP SQLi
NVD GitHub VulDB
Prev Page 20 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy