8734 matches found

Nuclei
added 17 hours ago, 120 views

WordPress Statistics <13.0.8 - Blind SQL Injection

WordPress Statistics plugin versions prior to 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability. id: CVE-2021-24340 info: name: WordPress Statistics <13.0.8 - Blind SQL Injection author: lotusdll,j4vaovo severity: high description: WordPress Statistic...

CVSS 7.5 | AI score 7.1 | EPSS 0.26931
Exploits: 3 | References: 5

Nuclei
added 17 hours ago, 45 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...

CVSS 7.5 | AI score 7.1 | EPSS 0.09299
Exploits: 3 | References: 3

Nuclei
added 17 hours ago, 12 views

phpMyFAQ <= 4.1.1 - SQL Injection

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVSS 9.8 | AI score 5.9 | EPSS 0.01709
Exploits: 0 | References: 3

Nuclei
added 17 hours ago, 15 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an unauthenticated time-based blind SQL injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

CVSS 7.5 | AI score 7.1 | EPSS 0.04691
Exploits: 1 | References: 2

Nuclei
added yesterday, 34 views

LumisXP <10.0.0 - Blind XML External Entity Attack

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XML external entity (XXE) attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. id:...

CVSS 9.1 | AI score 7.2 | EPSS 0.18607
Exploits: 1 | References: 4

Nuclei
added yesterday, 32 views

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer <3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

CVSS 10 | AI score 7.2 | EPSS 0.39137
Exploits: 2 | References: 5

Nuclei
added yesterday, 72 views

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite (Application Management Pack component, User Monitoring subcomponent) is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

CVSS 5.3 | AI score 6.5 | EPSS 0.17118
Exploits: 0 | References: 5

Nuclei
added yesterday, 69 views

Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)

Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack. id: CVE-2020-10770 info: name: Keycloak <= 12.0.1 - request_uri Blind Server-Side Request...

CVSS 5.3 | AI score 6.5 | EPSS 0.69724
Exploits: 5 | References: 5

Nuclei
added yesterday, 27 views

WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access, which allows the attacker to transmit...

CVSS 9.1 | AI score 7.2 | EPSS 0.26939
Exploits: 0 | References: 4

Nuclei
added yesterday, 45 views

SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery

SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...

CVSS 5.3 | AI score 6.7 | EPSS 0.61736
Exploits: 3 | References: 5

Nuclei
added 2 days ago, 102 views

Jms Blog - SQL Injection

The Jms Blog module (jmsblog) from Joommasters contains a time-based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes. id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

CVSS 9.8 | AI score 7.3 | EPSS 0.58743
Exploits: 0 | References: 5

EUVD
added 2 days ago, 6 views

EUVD-2026-41274

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $_POST['notinstring'] and passed through sanitize_text_field, which strips HTML and...

CVSS 7.5 | AI score 6 | EPSS 0.00374
Exploits: 0 | References: 2

NVD
added 3 days ago, 9 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

CVSS 9.8 | EPSS 0.00587
Exploits: 2 | References: 4

CVE
added 3 days ago, 20 views

CVE-2026-57517

Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...

CVSS 9.8 | AI score 6.7 | EPSS 0.00587
Exploits: 2 | References: 4

ATTACKERKB
added 3 days ago, 7 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

CVSS 9.8 | AI score 6.7 | EPSS 0.00587
Exploits: 2 | References: 4

Cvelist
added 3 days ago, 33 views

CVE-2026-57517 Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

CVSS 9.8 | EPSS 0.00587
Exploits: 2 | References: 3

EUVD
added 4 days ago, 6 views

EUVD-2026-40296

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows blind SQL injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 1

CVE
added 4 days ago, 10 views

CVE-2026-8402

CVE-2026-8402 describes an SQL injection vulnerability in Eksagate's SYSGUARD 6001, specifically a blind SQL injection due to improper neutralization of special elements in SQL commands. Affected versions are 2.0.2 up to but not including 6.1.16.0. The vendor reportedly states the product is not ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 1

NVD
added 5 days ago, 9 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions function, where the filter_type parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SA_GLANALYTIC permission can inject arbitrary SQL by supplying a closing...

CVSS 8.1 | EPSS 0.00276
Exploits: 0 | References: 4

Cvelist
added 5 days ago, 34 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions function, where the filter_type parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SA_GLANALYTIC permission can inject arbitrary SQL by supplying a closing...

CVSS 8.1 | EPSS 0.00276
Exploits: 0 | References: 4
