Lucene search
K

216737 matches found

Cvelist
Cvelist
added 2026/03/22 2:2 a.m.27 views

CVE-2026-4533 code-projects Simple Food Ordering System all-tickets.php sql injection

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

6.5CVSS0.00301EPSS
Exploits1References5
CVE
CVE
added 2026/03/22 2:2 a.m.19 views

CVE-2026-4533

CVE-2026-4533 affects code-projects Simple Food Ordering System 1.0. The vulnerability is in the all-tickets.php file where manipulating the Status parameter results in an SQL injection, with remote exploitation possible. Exploitation details are reported across multiple sources (NVD, Red Hat, CI...

8.8CVSS6.5AI score0.00301EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.7 views

Projectworlds Online Notes Sharing System 安全漏洞

Projectworlds Online Notes Sharing System is an online note-sharing system developed under the open-source Projectworlds framework. Version 1.0 of the Projectworlds Online Notes Sharing System contains a security vulnerability, which stems from incorrect handling of the User parameter in the...

7.5CVSS7.2AI score0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.9 views

PT-2026-26971

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploi...

7.5CVSS6.8AI score0.00359EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.4 views

PT-2026-26963

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

6.5CVSS5.8AI score0.00301EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.7 views

Code-Projects Simple Food Ordering System SQL注入漏洞

Code-Projects Simple Food Ordering System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Food Ordering System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Status parameter in the fi...

8.8CVSS6.6AI score0.00301EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.5 views

Fedora 42 : python-scitokens (2026-dec8f790f7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dec8f790f7 advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

5.9AI score
Exploits0References1
CVE
CVE
added 2026/03/21 11:32 p.m.8 views

CVE-2026-4530

A vulnerability in the apconw Aix-DB up to version 1.2.3 affects the file agent/text2sql/rag/terminology_retriever.py. The issue arises from manipulating the Description argument, which leads to SQL injection. The vulnerability is exploitable via a local attack, and public proof-of-concept exploi...

5.3CVSS5.8AI score0.00136EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 11:32 p.m.4 views

CVE-2026-4530

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

5.3CVSS5.8AI score0.00136EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/21 11:32 p.m.4 views

CVE-2026-4530 apconw Aix-DB terminology_retriever.py sql injection

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

5.3CVSS5.6AI score0.00136EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 11:32 p.m.34 views

CVE-2026-4530 apconw Aix-DB terminology_retriever.py sql injection

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

5.3CVSS0.00136EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/21 6:31 p.m.4 views

EUVD-2019-19904

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

8.8CVSS6.2AI score0.00351EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/21 6:31 p.m.7 views

EUVD-2019-19901

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

8.8CVSS6.3AI score0.00377EPSS
Exploits1References5
NVD
NVD
added 2026/03/21 4:16 p.m.8 views

CVE-2019-25580

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

8.8CVSS0.00324EPSS
Exploits1References4
NVD
NVD
added 2026/03/21 4:16 p.m.7 views

CVE-2019-25578

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

8.8CVSS0.00377EPSS
Exploits1References4
NVD
NVD
added 2026/03/21 4:16 p.m.6 views

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8CVSS0.00338EPSS
Exploits1References4
NVD
NVD
added 2026/03/21 4:16 p.m.4 views

CVE-2019-25573

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

8.8CVSS0.00342EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:30 p.m.3 views

CVE-2019-25581

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

8.8CVSS6.2AI score0.00351EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/21 3:30 p.m.4 views

CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

8.8CVSS6.2AI score0.00351EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/21 3:30 p.m.25 views

CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

8.8CVSS0.00351EPSS
Exploits1References4
Rows per page
Query Builder