Lucene search
K

3392 matches found

Nuclei
Nuclei
added yesterday51 views

Bloofox v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. id: CVE-2023-34754 info: name: Bloofox v0.5.2.1 - SQL Injection author: ritikchaddha severity: critical description: | bloofox v0.5.2.1 was...

9.8CVSS7.1AI score0.03449EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday83 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7AI score0.36114EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday86 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...

7.5CVSS7AI score0.09299EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday55 views

Garage Management System 1.0 - SQL Injection

Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input [email protected]' AND SELECT 6427 FROM SELECTSLEEP5LwLu AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execut...

9.8CVSS7.1AI score0.03384EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday52 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteteam. id: CVE-2022-31977 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQ...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday45 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=. id: CVE-2022-31975 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday88 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS7.1AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday49 views

Agentejo Cockpit <0.11.2 - NoSQL Injection

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller. id: CVE-2020-35847 info: name: Agentejo Cockpit 0.11.2 - NoSQL Injection author: dwisiswant0 severity: critical description: | Agentejo Cockpit before 0.11.2 allows NoS...

9.8CVSS7AI score0.98294EPSS
Exploits8References5
Nuclei
Nuclei
added yesterday35 views

74cms - ajax_officebuilding.php SQL Injection

A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajaxofficebuilding.php. id: CVE-2020-22210 info: name: 74cms - ajaxofficebuilding.php SQL Injection author: ritikchaddha severity: critical description: | A SQL injection vulnerability exists in 74cms 3.2.0 via the x...

9.8CVSS6.8AI score0.08579EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday37 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10548 info: name: rConfig 3.9.4...

9.8CVSS7AI score0.36114EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday119 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection

The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can...

4.3CVSS6.4AI score0.06079EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday107 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday51 views

Atom.CMS 2.0 - SQL Injection

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminuploads.php which allows an attacker to execute arbitrary SQL commands. id: CVE-2022-28033 info: name: Atom.CMS 2.0 - SQL Injection author: ritikchaddha severity: critical description: | Atom.CMS 2.0 is vulnerable to SQL Injection via...

9.8CVSS7.2AI score0.05412EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday97 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

9.8CVSS7AI score0.82976EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday113 views

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7AI score0.12484EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday75 views

WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection

WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/o...

7.2CVSS7AI score0.05691EPSS
Exploits2References5
CVE
CVE
added 2 days ago10 views

CVE-2026-10041

The CVE-2026-10041 entry concerns the WCFM – Frontend Manager for WooCommerce WordPress plugin (versions

4.3CVSS6.2AI score0.0025EPSS
Exploits0References12
Nuclei
Nuclei
added 2 days ago110 views

WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection

WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive...

7.2CVSS7.1AI score0.73293EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

10CVSS5.9AI score0.00224EPSS
Exploits0References7
NVD
NVD
added 4 days ago7 views

CVE-2026-58307

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS0.00107EPSS
Exploits0References2
Rows per page
Query Builder