Lucene search
K

216682 matches found

CVE
CVE
added 2026/03/26 12:0 a.m.9 views

CVE-2026-30463

CVE-2026-30463 affects Daylight Studio FuelCMS v1.5.2. The vulnerability is a SQL injection in the /controllers/Login.php component. Root cause is an injectable parameter handling in that login controller. Remediation per PT-Security PT-2026-28400 is to update FuelCMS to a newer version; as a tem...

7.7CVSS5.9AI score0.00373EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Ory Kratos SQL注入漏洞

Ory Kratos is an open-source system developed by Ory, designed with developers in mind, featuring strong security measures and proven reliability. Prior to version 26.2.0, Ory Kratos had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which...

7.2CVSS6.4AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28342

Name of the Vulnerable Software and Affected Versions JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress versions prior to 3.0.5 Description The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is susceptible to SQL Injection through the multiformid...

7.5CVSS6AI score0.00304EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of the code-projects Simple Laundry System contains a SQL...

9.8CVSS7.2AI score0.00345EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.7 views

RHEL 9 : Satellite 6.17.7 Async Update (Important) (RHSA-2026:5970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5970 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

10CVSS7.2AI score0.09436EPSS
Exploits3References31
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from the /controllers/Login.php component being vulnerable to SQL injection attacks...

7.7CVSS5.8AI score0.00373EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-006300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006300 advisory. An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a...

8.1CVSS6AI score0.15602EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28245

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter byCommentCreatedFrom and filter...

8.8CVSS6.2AI score0.00337EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Tandoor Recipes SQL注入漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from the Recipe API endpoint exposing a hidden debug query...

8.7CVSS5.9AI score0.00446EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the sid...

8.8CVSS6.7AI score0.00348EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.8 views

RHEL 9 : Satellite 6.18.4 Async Update (Important) (RHSA-2026:5968)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5968 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

10CVSS7AI score0.01945EPSS
Exploits3References24
Packet Storm
Packet Storm
added 2026/03/26 12:0 a.m.113 views

📄 OpenEMR 8.0.0.2 SQL Injection

OpenEMR versions prior to 8.0.0.3 contain a remote SQL injection vulnerability in the new search popup that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the new search popup functionality. CVE-2026-29187 - SQL Injection Vulnerabilit...

8.8CVSS5.9AI score0.00473EPSS
Exploits3
Cvelist
Cvelist
added 2026/03/25 11:35 p.m.28 views

CVE-2026-4826 SourceCodester Sales and Inventory System HTTP GET Parameter update_stock.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /updatestock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

6.5CVSS0.00348EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:31 p.m.5 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/25 11:31 p.m.28 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS0.00445EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/25 11:31 p.m.9 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.8AI score0.00445EPSS
Exploits1References3
OSV
OSV
added 2026/03/25 11:31 p.m.5 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.9AI score0.00445EPSS
Exploits1References5
NVD
NVD
added 2026/03/25 11:17 p.m.7 views

CVE-2026-33909

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...

5.9CVSS0.0033EPSS
Exploits0References3
NVD
NVD
added 2026/03/25 11:17 p.m.3 views

CVE-2026-4825

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /updatesales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS0.00303EPSS
Exploits1References5
CVE
CVE
added 2026/03/25 11:13 p.m.13 views

CVE-2026-33914

OpenEMR (prior to 8.0.0.3) contains a blind SQL injection in the PostCalendar categoriesUpdate function. The malsicious code uses the dels POST parameter, which is read via pnVarCleanFromInput() (HTML tags stripped only) and directly interpolated into a raw SQL DELETE statement executed by Doctri...

7.2CVSS5.9AI score0.00425EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder