Lucene search
K

1195 matches found

EUVD
EUVD
added 2026/07/02 9:32 a.m.8 views

EUVD-2026-41274

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS6AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 4:16 p.m.17 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS0.00587EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:11 p.m.10 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References4
EUVD
EUVD
added 2026/06/30 11:36 a.m.6 views

EUVD-2026-40296

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:36 a.m.17 views

CVE-2026-8402

CVE-2026-8402 describes an SQL injection vulnerability in Eksagate’s SYSGUARD 6001, specifically a blind SQL injection due to improper neutralization of special elements in SQL commands. Affected versions are 2.0.2 up to but not including 6.1.16.0. The vendor reportedly states the product is not ...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 12:27 p.m.34 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 1:25 p.m.22 views

CVE-2026-54829

CVE-2026-54829 concerns the WordPress plugin WP Photo Album Plus (versions up to 9.1.13.005). The vulnerability is an SQL injection due to improper neutralization of input in SQL commands, described as a blind SQL injection. The CVSS 3.1 base metrics indicate NETWORK attack vector, HIGH impact on...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:23 a.m.8 views

EUVD-2026-38713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:23 a.m.6 views

CVE-2026-56052

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 7:23 a.m.10 views

CVE-2026-56052

CVE-2026-56052 is a SQL Injection vulnerability in WordPress Funnel Builder by FunnelKit up to version 3.15.0.5. The root cause is improper neutralization of certain elements in SQL commands, enabling blind SQL injection. Affected product: Funnel Builder by FunnelKit (WordPress plugin). CVSS 3.1 ...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-34914

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

8.3CVSS0.00298EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.32 views

CVE-2026-34914

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

8.3CVSS0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.6 views

EUVD-2026-38506

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

8.3CVSS6.6AI score0.00298EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.22 views

CVE-2026-34915

CVE-2026-34915 affects Revive Adserver 6.0.6 and earlier due to missing sanitisation in zone-include.php, enabling a low-privileged attacker to exploit the clientid parameter to perform blind SQL injection. The public sources confirm input validation improvements were implemented to ensure all pa...

6.1CVSS6.1AI score0.00217EPSS
Exploits1References1
NVD
NVD
added 2026/06/19 5:16 p.m.11 views

CVE-2017-20277

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS0.00253EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 4:41 p.m.28 views

CVE-2017-20277 Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:41 p.m.8 views

EUVD-2017-19004

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS6AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-50958

Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.4 Description The JoomRecipe component for Joomla contains a blind SQL injection flaw. This allows attackers to inject SQL code via POST requests to the search endpoint using the search author parameter. This can be used...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References7
NVD
NVD
added 2026/06/18 2:17 p.m.13 views

CVE-2026-54222

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 2:2 p.m.9 views

EUVD-2026-37895

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder