216733 matches found

Cvelist
added 2026/03/23 2:59 a.m. | 30 views

CVE-2026-4569 SourceCodester Sales and Inventory System HTTP POST Request view_category.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /viewcategory.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of the attack is...

CVSS 6.5 | EPSS 0.0025
Exploits: 1 | References: 5

CVE
added 2026/03/23 2:12 a.m. | 9 views

CVE-2026-4568

CVE-2026-4568 affects SourceCodester Sales and Inventory System 1.0. The vulnerability resides in the HTTP GET handler for /update_supplier.php, where manipulating the sid parameter yields an SQL injection. It is a network-accessible issue with LOW privilege requirements and no user interaction, ...

CVSS 6.5 | AI score 6.3 | EPSS 0.0031
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/03/23 2:12 a.m. | 1 view

CVE-2026-4568

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...

CVSS 6.5 | AI score 6.4 | EPSS 0.0031
Exploits: 1 | References: 8 | Affected Software: 1

Cvelist
added 2026/03/23 2:12 a.m. | 31 views

CVE-2026-4568 SourceCodester Sales and Inventory System HTTP GET Request update_supplier.php sql injection

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...

CVSS 6.5 | EPSS 0.0031
Exploits: 1 | References: 5

EUVD
added 2026/03/23 2:12 a.m. | 3 views

EUVD-2026-14351

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...

CVSS 6.5 | AI score 5.6 | EPSS 0.0031
Exploits: 1 | References: 5

NVD
added 2026/03/23 12:16 a.m. | 3 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 | EPSS 0.00444
Exploits: 0 | References: 4

CNNVD
added 2026/03/23 12:0 a.m. | 8 views

wvp-GB28181-pro SQL injection vulnerability

WVP-GB28181-pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-pro 2.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from a SQL injection vulnerability in the selectAll function within the Stream Proxy Query Handler...

CVSS 6.5 | AI score 6.7 | EPSS 0.00192
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/23 12:0 a.m. | 6 views

PT-2026-27103

A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The explo...

CVSS 7.5 | AI score 5.6 | EPSS 0.00354
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/23 12:0 a.m. | 5 views

PT-2026-27258

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 7.5 | AI score 6.9 | EPSS 0.00259
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/23 12:0 a.m. | 5 views

PT-2026-27073

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The...

CVSS 7.5 | AI score 5.7 | EPSS 0.00329
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/23 12:0 a.m. | 9 views

PT-2026-27042

Name of the Vulnerable Software and Affected Versions: SourceCodester Sales and Inventory System version 1.0. Description: A SQL injection issue exists in SourceCodester Sales and Inventory System 1.0. The issue is related to the manipulation of the searchtxt argument within an HTTP POST request to...

CVSS 6.5 | AI score 6.6 | EPSS 0.0025
Exploits: 1 | References: 10

Positive Technologies
added 2026/03/23 12:0 a.m. | 9 views

PT-2026-27043

Name of the Vulnerable Software and Affected Versions: SourceCodester Sales and Inventory System version 1.0. Description: A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of HTTP POST requests. Specifically, manipulation of the searchtxt argument within a POST...

CVSS 6.5 | AI score 6.7 | EPSS 0.00295
Exploits: 1 | References: 9

Positive Technologies
added 2026/03/23 12:0 a.m. | 7 views

PT-2026-27247

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account id leads to sql injection. Remote exploitation of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00254
Exploits: 0 | References: 8

Packet Storm
added 2026/03/23 12:0 a.m. | 125 views

OpenEMR 8.0.0 Authenticated SQL Injection

OpenEMR version 8.0.0 authenticated remote SQL injection exploit that leverages the name parameter in ajax/graphs.php. Title: OpenEMR 8.0.0 Authenticated SQL Injection via nam...

CVSS 8.8 | AI score 5.9 | EPSS 0.00327
Exploits: 2

CNNVD
added 2026/03/23 12:0 a.m. | 7 views

ERUPT security vulnerability

ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Version 1.13.3 of ERUPT contains a security vulnerability. This vulnerability stems from incorrect operations on the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java in the MCP Tool...

CVSS 6.5 | AI score 6.6 | EPSS 0.00192
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/23 12:0 a.m. | 5 views

PT-2026-27044

Name of the Vulnerable Software and Affected Versions: SourceCodester Sales and Inventory System version 1.0. Description: A security flaw exists in SourceCodester Sales and Inventory System 1.0. The issue is related to SQL injection within the HTTP POST Request Handler functionality, specifically i...

CVSS 6.5 | AI score 6.6 | EPSS 0.00245
Exploits: 1 | References: 8

Positive Technologies
added 2026/03/23 12:0 a.m. | 12 views

PT-2026-27253

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | AI score 5.9 | EPSS 0.00409
Exploits: 0 | References: 6

CNNVD
added 2026/03/23 12:0 a.m. | 9 views

WWBN AVideo SQL injection vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of SQL queries within the onpublish.php callback function, which coul...

CVSS 7.5 | AI score 5.8 | EPSS 0.00468
Exploits: 1 | References: 2

CNNVD
added 2026/03/23 12:0 a.m. | 8 views

ERUPT security vulnerability

ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Versions of ERUPT prior to 1.13.3 contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the sort.field parameter in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/23 12:0 a.m. | 6 views

PT-2026-27269

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVSS 7.5 | AI score 7 | EPSS 0.00318
Exploits: 0 | References: 6