Lucene search
K

217156 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-13011

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00269EPSS
Exploits0References7
Cvelist
Cvelist
added yesterday9 views

CVE-2026-13011 ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support <= 1.17.5 - Authenticated (HR Manager+) SQL Injection via 'orderby' Parameter

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00269EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday88 views

NETGEAR ProSafe SSL VPN firmware - SQL Injection

NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. id: CVE-2022-29383 info: name: NETGEAR ProSafe SSL VPN firmware - SQL Injection author: elitebaz severity: critical description: |...

9.8CVSS6.9AI score0.48957EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday21 views

Mingsoft MCMS 5.2.9 - SQL Injection

Mingsoft MCMS v5.2.9 contains a SQL injection caused by unsanitized categoryType parameter at /content/list.do, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2023-50578 info: name: Mingsoft MCMS 5.2.9 - SQL Injection author: ritikchaddha severity:...

9.8CVSS7.4AI score0.02222EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday240 views

WordPress HTML5 Video Player - SQL Injection

WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd severity: critical description: | WordPress HTM...

9.8CVSS7.2AI score0.11215EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday24 views

Navidrome < 0.53.0 - Authenticated SQL Injection

Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...

9.4CVSS7.3AI score0.04457EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday13 views

WordPress Collapsing Categories <= 3.0.8 - SQL Injection

Collapsing Categories plugin for WordPress = 3.0.8 contains a sqlinjection caused by insufficient escaping of 'taxonomy' parameter in /wp-json/collapsing-categories/v1/get REST API, letting unauthenticated attackers execute arbitrary SQL queries, exploit requires sending crafted 'taxonomy'...

7.5CVSS7.4AI score0.02542EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday79 views

Car Rental Management System 1.0 - Local File Inclusion

Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution. id: CVE-2020-29227 info: name: Car Rental Management System 1.0 - Local File Inclusion author:...

9.8CVSS7.4AI score0.16822EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday123 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.5AI score0.03452EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday129 views

Rudder Server < 1.3.0-rc.1 - SQL Injection

Rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

8.8CVSS7.3AI score0.85825EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday32 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS7.2AI score0.01549EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday22 views

Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS6AI score0.02101EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday96 views

IdeaCMS <= 1.7 - SQL Injection

IdeaCMS up to 1.7 is vulnerable to SQL injection via the field parameter in article and product query interfaces. This template uses a time-based payload to safely detect the vulnerability. id: CVE-2025-5569 info: name: IdeaCMS = 1.7 - SQL Injection author: ritikchaddha severity: critical...

8.8CVSS6.6AI score0.01269EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday123 views

Wordpress Country State City Dropdown <=2.7.2 - SQL Injection

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

9.8CVSS6AI score0.13618EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday50 views

Bloofox v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. id: CVE-2023-34754 info: name: Bloofox v0.5.2.1 - SQL Injection author: ritikchaddha severity: critical description: | bloofox v0.5.2.1 was...

9.8CVSS7.2AI score0.03449EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday49 views

Mingsoft MCMS - SQL Injection

SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...

9.8CVSS7.2AI score0.0289EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday91 views

Automation By Autonami < 3.3.0 - SQL Injection

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. id:...

8.6CVSS6AI score0.02241EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday120 views

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS6AI score0.02991EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday38 views

REST API TO MiniProgram <= 4.7.1 - SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS6AI score0.03792EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday27 views

Woo Inquiry <= 0.1 - SQL Injection

The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

10CVSS6AI score0.04317EPSS
Exploits1References3
Rows per page
Query Builder