Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Talentics Software: Malicious SQL Code Can Be Injected
CVE-2025-10970
Summary
A security issue in Talentics software allows an attacker to inject malicious code into the database, potentially stealing sensitive information or disrupting the system. This could happen if an attacker is able to trick the software into executing their code. Users should contact the vendor to report the issue and consider updating to a secure version.
Original title
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through ...
Original description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS3.1
9.8
Vulnerability type
CWE-89
SQL Injection
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026