Lucene search
K

216688 matches found

OSV
OSV
added 2026/03/25 9:56 p.m.4 views

GHSA-FFR8-FXHV-FV8H AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter

Summary The Subscribe::save method in objects/subscribe.php concatenates the $this-usersid property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from $POST'userid' in both subscribe.json.php and subscribeNotify.json.php. An authenticate...

7.1CVSS6.1AI score0.00224EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15907

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...

8.5CVSS5.9AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15817

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through = 1.2.2...

5.9AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15757

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through = 14.0.31...

5.9AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.2 views

EUVD-2026-15691

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...

5.9AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.2 views

EUVD-2026-15651

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

5.9AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.7 views

EUVD-2026-15608

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: fro...

5.9AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15611

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.2...

5.9AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15489

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...

5.9AI score0.00383EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2024-55504

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitiv...

8.8CVSS6AI score0.00338EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/25 5:50 p.m.2 views

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the remindMe.json.php file. An attacker can extract sensitive database contents or modify data by supplying crafted input to the livescheduleid...

8.8CVSS6AI score0.00347EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 5:47 p.m.10 views

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

8.7CVSS6AI score0.00423EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/25 5:47 p.m.21 views

CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

8.7CVSS0.00423EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 5:47 p.m.29 views

CVE-2026-33713

The CVE-2026-33713 issue affects n8n before versions 1.123.26, 2.13.3, and 2.14.1, where an authenticated user with workflow permissions could exploit a SQL injection in the Data Table Get node. On SQLite, single statements can be manipulated, while PostgreSQL deployments allow multi-statement ex...

8.8CVSS6AI score0.00423EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/25 5:47 p.m.4 views

CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

8.7CVSS6.1AI score0.00423EPSS
Exploits0References3
NVD
NVD
added 2026/03/25 5:17 p.m.1 views

CVE-2026-32534

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...

8.5CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25371

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25340

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-24977

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through = 2.1.2...

8.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 4:16 p.m.4 views

CVE-2024-58341

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitiv...

8.8CVSS0.00338EPSS
Exploits1References4
Rows per page
Query Builder