8561 matches found
CVE-2026-49771
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
CVE-2026-49771
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
EUVD-2026-34240
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
CVE-2026-49771
Summary of CVE-2026-49771 : The WordPress Photo Gallery by 10Web plugin (versions up to 1.8.41) is affected by an SQL Injection vulnerability due to improper neutralization of special elements. The issue enables blind SQL injection. Details in connected documents specify the affected product and ...
Exploit for SQL Injection in Wpdeveloper Notificationx
CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection...
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...
Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
Skype Pre-Auth Server-side Request Forgery SSRF vulnerability id: CVE-2023-41763 info: name: Skype for Business 2019 SfB - Blind Server-side Request Forgery author: hateshape severity: medium description: | Skype Pre-Auth Server-side Request Forgery SSRF vulnerability impact: | Unauthenticated...
PT-2026-46174
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...
WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection XXE. XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit...
Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...
Oracle E-Business Suite - Blind SSRF
Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...
Visualizer <3.3.1 - Blind Server-Side Request Forgery
Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...
CVE-2026-42684
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-42684
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
EUVD-2026-33909
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-42684 WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-42684
CVE-2026-42684 affects WordPress WP Job Portal plugin versions up to 2.5.1. It is an SQL Injection due to improper neutralization of special elements in SQL commands, described as a blind SQL injection. According to the sources, the issue impacts the plugin in a network-inspired attack with high ...