Lucene search
+L

217691 matches found

Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-60137 WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

5.9AI score
Exploits2References2
CVE
CVE
added yesterday16 views

CVE-2026-60137

CVE-2026-60137 affects WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2. The issue is a failure to sanitize the author__not_in parameter in WP_Query, enabling potential SQL Injection when untrusted input is passed by a plugin or theme. Mitigation is to update to 6.8.6, 6.9...

9.1CVSS5.8AI score
Exploits2References2
Cvelist
Cvelist
added yesterday6 views

CVE-2026-60137 WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

Exploits2References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45279

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

9.1CVSS5.8AI score
Exploits2References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-63030 WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

Exploits5References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45280

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

7.5CVSS6AI score
Exploits5References2
CVE
CVE
added yesterday18 views

CVE-2026-63030

WordPress 6.9.x (pre-6.9.5) and 7.0.x (pre-7.0.2) are affected by a REST API batch endpoint route confusion that, together with the author__not_in WP_Query SQL Injection (CVE-2026-60137), could allow SQL Injection and lead to Remote Code Execution. Affected components: REST API batch route handli...

7.5CVSS6AI score
Exploits5References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45274

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction,...

8.7CVSS5.8AI score0.00027EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday8 views

CVE-2026-44739 Pimcore: SQL Injection in Custom Reports Column Configuration

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction,...

8.7CVSS0.00027EPSS
Exploits0References4
CVE
CVE
added yesterday6 views

CVE-2026-12283

CVE-2026-12283 affects Amazon Athena Query Federation's Synapse connector (aws-athena-query-federation) v2022.20.1–v2026.19.1. The issue is improper neutralization of elements in an SQL command within the Synapse connector, which could let an authenticated remote user execute injected read-only S...

6.8CVSS6AI score
Exploits0References3
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-12283 SQL injection in Amazon Athena Synapse connector

Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL...

6.8CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday7 views

CVE-2026-12283 SQL injection in Amazon Athena Synapse connector

Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL...

6.8CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday7 views

CVE-2026-8297 SQLi in GIS Informatics' GisLab Laboratory Management System

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2025-60357

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint...

8.1CVSS
Exploits1References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-16014 code-projects Hospital Bed Management System Login Form sql injection

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-45167

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS7.1AI score
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-16009

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.4AI score
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-45162

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score
Exploits0References6
Nuclei
Nuclei
added yesterday56 views

WordPress Job Portal < 2.0.6 - SQL Injection

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...

9.8CVSS8.6AI score0.03096EPSS
Exploits2References2
Rows per page
Query Builder