Lucene search
K

13189 matches found

Nuclei
Nuclei
added yesterday89 views

Piwigo 13.7.0 - SQL Injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

9.8CVSS7.5AI score0.97405EPSS
Exploits21References5
Nuclei
Nuclei
added yesterday17 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8CVSS7.2AI score0.36164EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday73 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.5AI score0.83284EPSS
Exploits24References5
Nuclei
Nuclei
added yesterday21 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7.2AI score0.36114EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago54 views

TurboMeeting - Boolean-based SQL Injection

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. id: CVE-2024-38289 info: name:...

9.8CVSS6.1AI score0.40874EPSS
Exploits1References1
CVE
CVE
added 4 days ago11 views

CVE-2026-53690

Redeight CMS 1.0 is cited as vulnerable to an SQL Injection via the userEmail parameter on POST /admin/index.php. The root cause is lack of input sanitization and direct interpolation of user input into SQL queries without prepared statements, enabling unauthenticated remote attackers to run arbi...

9.3CVSS6.2AI score0.00399EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.4 views

pgAdmin < 9.16 Multiple SQL Injections

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by multiple SQL injection vulnerabilities: - Multiple SQL template sites across domain, domain-constraint, foreign-table, language, event-trigger, and view dialogs render user-supplied...

8.8CVSS6.2AI score0.00489EPSS
Exploits0References5
CVE
CVE
added 2026/06/19 4:28 p.m.13 views

CVE-2017-20273

CVE-2017-20273 affects Joomla Event Registration Pro Calendar 4.1.3. The connected docs confirm an SQL injection vulnerability in index.php where the id parameter (via option=com_registrationpro&view=category&id) can be exploited unauthenticated to execute arbitrary SQL and extract sensitive data...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in PostgresSQL 11

A late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY operation in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. This feature enables the owner of the materialized view to run SQL functions, thereby allowing for the safe refreshing of...

8CVSS7.4AI score0.01465EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. An attacker who has permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The...

8.8CVSS8AI score0.4644EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/19 3:49 a.m.7 views

CVE-2026-12044

A flaw was found in pgAdmin 4. An authenticated user with specific permissions could exploit a SQL injection vulnerability by submitting a crafted description field in various dialog templates. This could allow the user to execute arbitrary SQL commands, potentially leading to arbitrary operating...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50956

Name of the Vulnerable Software and Affected Versions Joomla! Component PHP-Bridge version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with the parameters option=com phpbridge and...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.28 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.28 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49288

Name of the Vulnerable Software and Affected Versions OpenSIPS Control Panel versions prior to 9.3.3 Description A Time-Based Blind SQL Injection in the alias management module allows authenticated attackers to execute arbitrary SQL commands. This occurs via the 'table' GET parameter in the 'alia...

8.8CVSS6.2AI score0.00361EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49209

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.8 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS6.5AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.29 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 1:16 p.m.12 views

CVE-2017-20249

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

8.8CVSS0.00295EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:50 a.m.10 views

CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS6AI score0.00253EPSS
Exploits0References3
Rows per page
Query Builder