Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216331 matches found

RedhatCVE
RedhatCVEadded 2026/04/27 7:23 p.m.2 views

CVE-2026-6978

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

5.8CVSS5AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/27 7:23 p.m.5 views

CVE-2026-6982

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

6.5CVSS6.2AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/27 7:23 p.m.4 views

CVE-2026-7002

A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/getmessageajax.php of the component Private Message Handler. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the...

7.5CVSS7.2AI score0.00246EPSS
Exploits0References1
NVD
NVDadded 2026/04/27 7:16 p.m.6 views

CVE-2026-7148

A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

6.5CVSS0.00241EPSS
Exploits0References5
NVD
NVDadded 2026/04/27 7:16 p.m.3 views

CVE-2021-36438

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...

6.5CVSS0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/27 6:30 p.m.2 views

CVE-2026-7148 CodeAstro Online Classroom addnewfaculty sql injection

A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References5
NVD
NVDadded 2026/04/27 6:16 p.m.4 views

CVE-2026-7143

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS0.00192EPSS
Exploits0References5
CVE
CVEadded 2026/04/27 5:15 p.m.6 views

CVE-2026-7143

CVE-2026-7143 affects the 1000 Projects Portfolio Management System MCA (up to version 1.0). The vulnerability is located in an unknown function of the file /admin/block_status.php, where improper handling of the q parameter enables SQL injection. A remote attacker could exploit this, and publicl...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/27 5:15 p.m.31 views

CVE-2026-7143 1000 Projects Portfolio Management System MCA block_status.php sql injection

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/27 5:15 p.m.3 views

CVE-2026-7143

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/04/27 3:8 p.m.30 views

CVE-2026-41462 ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS0.00558EPSS
Exploits2References4
EUVD
EUVDadded 2026/04/27 3:8 p.m.2 views

EUVD-2026-25865

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS6AI score0.00558EPSS
Exploits2References4
NVD
NVDadded 2026/04/27 2:16 p.m.2 views

CVE-2026-7128

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savetype. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVDadded 2026/04/27 2:16 p.m.4 views

CVE-2026-7126

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=savecategory. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released t...

7.5CVSS0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/27 2:15 p.m.3 views

CVE-2026-7131 code-projects Online Lot Reservation System loginuser.php sql injection

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
CVE
CVEadded 2026/04/27 2:15 p.m.13 views

CVE-2026-7131

The CVE-2026-7131 entry concerns code-projects Online Lot Reservation System (up to 1.0). The vulnerable component is an unknown function in /loginuser.php, where manipulation of the email/password parameters allows a SQL injection. The issue is exploitable remotely and, per the records, exploits...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
CVE
CVEadded 2026/04/27 2:0 p.m.5 views

CVE-2026-7130

CVE-2026-7130 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability resides in the unknown function of the file /ajax.php?action=delete_category , where manipulating the argument ID enables an SQL injection . The attack can be performed remotely and, per the descriptio...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/27 2:0 p.m.5 views

CVE-2026-7130

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=deletecategory. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/27 2:0 p.m.3 views

CVE-2026-7130 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=deletecategory. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/27 2:0 p.m.30 views

CVE-2026-7130 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=deletecategory. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has...

7.5CVSS0.00254EPSS
Exploits0References5
Rows per page
Query Builder