
1958 matches found

RedhatCVE
added 2025/05/23 2:06 a.m. | 7 views

CVE-2023-6921

Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...

CVSS 9.8 | AI score 8.3 | EPSS 0.00694
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:04 a.m. | 7 views

CVE-2023-6748

The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...

CVSS 4.3 | AI score 6.5 | EPSS 0.0029
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:50 a.m. | 8 views

CVE-2023-2607

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.2 | AI score 7.2 | EPSS 0.00841
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:16 a.m. | 5 views

CVE-2022-29597

Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion LFI. Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...

CVSS 6.5 | AI score 6.9 | EPSS 0.01852
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 11:56 p.m. | 5 views

CVE-2022-23857

model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...

CVSS 6.5 | AI score 7.1 | EPSS 0.00932
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:56 p.m. | 6 views

CVE-2022-32246

SAP Business Objects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...

CVSS 4.9 | AI score 7.3 | EPSS 0.00387
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:25 p.m. | 10 views

CVE-2021-25109

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting XSS against logged in admins by making send open a malicious link...

CVSS 4 | AI score 6.5 | EPSS 0.00832
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 6:53 p.m. | 10 views

CVE-2021-45821

A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order...

CVSS 8.8 | AI score 8.5 | EPSS 0.02505
Exploits 1

RedhatCVE
added 2025/05/22 4:23 p.m. | 6 views

CVE-2020-15486

An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved...

CVSS 6.5 | AI score 6.9 | EPSS 0.00508
Exploits 0

RedhatCVE
added 2025/05/22 4:22 p.m. | 8 views

CVE-2020-29324

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...

CVSS 7.5 | AI score 7.1 | EPSS 0.01073
Exploits 1

RedhatCVE
added 2025/05/22 3:35 p.m. | 8 views

CVE-2020-36723

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

CVSS 5.3 | AI score 6.5 | EPSS 0.01608
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 8:35 a.m. | 4 views

CVE-2019-19734

accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...

CVSS 8.8 | AI score 7.3 | EPSS 0.01104
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 7:50 a.m. | 9 views

CVE-2019-10673

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the...

CVSS 9.3 | AI score 7.3 | EPSS 0.01816
Exploits 3 | References 1

RedhatCVE
added 2025/05/22 3:04 a.m. | 13 views

CVE-2019-15622

Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...

CVSS 2.4 | AI score 6.4 | EPSS 0.00507
Exploits 1 | References 1

NVD
added 2025/05/20 3:16 p.m. | 10 views

CVE-2025-26086

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...

CVSS 7.5 | EPSS 0.11279
Exploits 1 | References 2

Cvelist
added 2025/05/20 12:00 a.m. | 10 views

CVE-2025-26086

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...

EPSS 0.11279
Exploits 1 | References 1

CVE
added 2025/05/20 12:00 a.m. | 43 views

CVE-2025-26086

RSI Queue Management System v3.0 has an unauthenticated blind SQL injection in the TaskID parameter of the GET request handler. The vulnerability enables time-delayed SQL payloads to be remotely injected, causing measurable response delays that allow time-based inference and iterative extraction ...

CVSS 7.5 | AI score 7.8 | EPSS 0.11279
Exploits 1 | References 2 | Affected Software 1

RedhatCVE
added 2025/05/17 12:19 a.m. | 24 views

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

CVSS 9.8 | AI score 8.5 | EPSS 0.00438
Exploits 1 | References 1

RedhatCVE
added 2025/05/17 12:19 a.m. | 18 views

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

CVSS 5.1 | AI score 8.6 | EPSS 0.00214
Exploits 1 | References 1

OSV
added 2025/05/15 3:16 p.m. | 6 views

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

CVSS 5.1 | AI score 8.8 | EPSS 0.00214
Exploits 1 | References 2