Lucene search
K

1967 matches found

Nuclei
Nuclei
added yesterday13 views

MyStyle Custom Product Designer <= 3.21.1 - SQL Injection

The MyStyle Custom Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.21.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.3CVSS6AI score0.01308EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-12920

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-41469

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
NVD
NVD
added 6 days ago8 views

CVE-2026-34101

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-34103 Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-34102

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References3
CVE
CVE
added 6 days ago8 views

CVE-2026-34102

Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-34100 Guardian Language-System Unauthenticated SQL Injection via id Parameter in media.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-40292

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated...

9.3CVSS6.2AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:29 p.m.7 views

EUVD-2026-40080

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.5 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/27 1:27 a.m.9 views

EUVD-2026-39928

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 6:51 a.m.28 views

CVE-2026-12937 Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...

7.5CVSS0.00304EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:42 a.m.5 views

EUVD-2026-39166

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.33 views

CVE-2026-12079 Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52192

Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This occurs because the software does not sufficiently escape user-supplied input or properly prepare the SQL query...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 11:53 a.m.12 views

EUVD-2025-210326

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.5CVSS6AI score0.00283EPSS
Exploits1References2
Rows per page
Query Builder