Lucene search
K

1975 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-43229

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

MyStyle Custom Product Designer <= 3.21.1 - SQL Injection

The MyStyle Custom Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.21.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.3CVSS6.1AI score0.01308EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References8
NVD
NVD
added 3 days ago8 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS0.00393EPSS
Exploits0References5
NVD
NVD
added 4 days ago8 views

CVE-2026-14342

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00266EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-42215

The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 2:16 a.m.7 views

CVE-2026-12920

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 1:28 a.m.12 views

EUVD-2026-41469

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55443

Name of the Vulnerable Software and Affected Versions Cookie Banner for GDPR / CCPA – WPLP Cookie Consent versions prior to 4.3.6 Description This issue is a generic SQL Injection, which occurs when an application fails to properly sanitize user input, allowing an attacker to interfere with the...

4.9CVSS6AI score0.00301EPSS
Exploits0References10
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-34101

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:12 p.m.35 views

CVE-2026-34103 Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:11 p.m.10 views

CVE-2026-34102

Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:11 p.m.8 views

CVE-2026-34102

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 4:10 p.m.32 views

CVE-2026-34100 Guardian Language-System Unauthenticated SQL Injection via id Parameter in media.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:8 p.m.14 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:19 a.m.7 views

EUVD-2026-40292

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated...

9.3CVSS6.2AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:29 p.m.7 views

EUVD-2026-40080

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/27 1:27 a.m.9 views

EUVD-2026-39928

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References7
Rows per page
Query Builder