Lucene search
K

40 matches found

Cvelist
Cvelist
added 2026/02/19 1:58 p.m.38 views

CVE-2026-2744

...

Exploits0
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20717

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...

5.8AI score0.00361EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:50 p.m.4 views

CVE-2025-10969

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...

9.8CVSS5.6AI score0.00345EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 9:7 p.m.6 views

CVE-2026-25544

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...

9.8CVSS5.7AI score0.00453EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/04 8:26 p.m.8 views

EUVD-2026-5352

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

4.2CVSS5.4AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6253

Name of the Vulnerable Software and Affected Versions Iqonic Design KiviCare versions through 3.6.16 Description The software contains an Improper Neutralization of Special Elements used in an SQL Command issue, specifically a Blind SQL Injection. This allows for potential unauthorized access or...

8.5CVSS5.6AI score0.00205EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.7 views

CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.6 views

CVE-2025-67921

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through 2.8.6...

8.5CVSS5.9AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.6 views

PT-2026-1898

Name of the Vulnerable Software and Affected Versions Lobo versions prior to 2.8.6 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This allows for potential unauthorized access to or...

9.8CVSS7.4AI score0.00253EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/24 12:49 p.m.3 views

CVE-2023-36525 WordPress WPJobBoard plugin <= 5.9.0 - Unauth. Blind SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0...

8.6CVSS7.2AI score0.00414EPSS
Exploits0References1
OSV
OSV
added 2025/10/16 6:40 p.m.6 views

CVE-2025-62423 ClipBucket V5 Blind SQL injection in the Admin Panel

ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - 140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/adminarea/loginasuser.php” file. Exploiting this vulnerability requires access privileges to the Admin Area...

6.7CVSS8AI score0.00483EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28062

Malicious code in bioql PyPI...

9.3CVSS9.2AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2023/12/07 7:15 a.m.4 views

CVE-2023-48823

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...

9.8CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/26 5:15 p.m.4 views

CVE-2022-30493

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin accessprivilege escalation...

10CVSS7.5AI score0.02069EPSS
Exploits1References2
OSV
OSV
added 2022/05/02 7:15 p.m.4 views

CVE-2022-1369

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

9.8CVSS7.5AI score0.01138EPSS
Exploits0References1
OSV
OSV
added 2022/03/29 5:15 p.m.7 views

CVE-2022-26836

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

9.8CVSS7.5AI score0.01172EPSS
Exploits0References1
OSV
OSV
added 2022/02/15 4:15 p.m.5 views

CVE-2022-24226

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php...

7.5CVSS7.2AI score0.01736EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/12/07 5:15 p.m.3 views

CVE-2021-43789

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...

9.8CVSS7.3AI score0.04133EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2021/08/30 6:15 p.m.5 views

CVE-2021-38390

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...

9.8CVSS6.1AI score0.19765EPSS
Exploits0References1
OSV
OSV
added 2018/09/08 3:29 p.m.5 views

CVE-2018-16724

An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request...

9.8CVSS5.8AI score0.01202EPSS
Exploits1References1
Rows per page
Query Builder