Lucene search
K

484 matches found

NVD
NVD
added 2026/04/30 9:16 p.m.10 views

CVE-2026-7435

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

8.6CVSS0.00429EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/30 8:9 p.m.5 views

EUVD-2026-26437

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

8.6CVSS6.3AI score0.00429EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36186

Name of the Vulnerable Software and Affected Versions SSCMS version 7.4.0 Description An issue exists in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. This allows attackers to submit encrypted payloads to...

8.6CVSS6.2AI score0.00429EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/13 3:49 p.m.6 views

CVE-2026-34186 SQL Injection in Custom Fields leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 3:49 p.m.32 views

CVE-2026-30813 SQL Injection in Module Search leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

8.7CVSS0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 3:49 p.m.5 views

CVE-2026-30813 SQL Injection in Module Search leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29954

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...

8.6CVSS6AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 11:20 p.m.2 views

GHSA-9CQ8-3V94-434G PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`

Summary The getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, the injected payload executes and grants full database...

9.8CVSS6AI score0.00533EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/01 8:9 a.m.43 views

CVE-2026-4370 Improper TLS Client/Server authentication and certificate verification on Database Cluster

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...

10CVSS0.00381EPSS
Exploits1References1
CVE
CVE
added 2026/04/01 8:9 a.m.20 views

CVE-2026-4370

Summary. CVE-2026-4370 affects Juju (variants: 3.2.0–3.6.19 and 4.0–4.0.4). The issue is in the internal Dqlite database cluster where TLS client/server authentication is not properly performed; the Juju controller’s database endpoint does not validate client certificates when a new node joins th...

10CVSS5.9AI score0.00381EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/31 9:53 a.m.24 views

CVE-2026-4317 SQL inyection in Umami Software application

SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...

9.3CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 6:29 p.m.20 views

CVE-2026-34385

CVE-2026-34385 affects Fleet open source device management software. A second‑order SQL injection in Fleet’s Apple MDM profile delivery pipeline prior to 4.81.0 could allow a user with a valid MDM enrollment certificate to exfiltrate or modify the Fleet database contents, including user credentia...

8.6CVSS6AI score0.00197EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/27 6:29 p.m.4 views

CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00197EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-29174

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

8.8CVSS6AI score0.00436EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 11:18 a.m.6 views

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

9.3CVSS0.00304EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/20 10:35 a.m.28 views

CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

9.3CVSS0.00304EPSS
Exploits1References3
CVE
CVE
added 2026/03/20 10:35 a.m.13 views

CVE-2026-33134

CVE-2026-33134 affects WeGIA web manager (versions 3.6.5 and earlier). The vulnerability is an authenticated SQL injection in the endpoint html/matPat/restaurar_produto.php, where the parameter id_produto is read from $_GET and directly interpolated into two SQL query strings without sanitization...

9.3CVSS6AI score0.00304EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/20 10:35 a.m.4 views

CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

9.3CVSS6AI score0.00304EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/20 2:9 a.m.4 views

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS6AI score0.00279EPSS
Exploits1References2
Veracode
Veracode
added 2026/03/18 4:49 p.m.7 views

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-controlled input from the $REQUEST'query' parameter passed to the browseQuery function, which allows an attacker to execute arbitrary SQL commands and compromise the database...

6.5CVSS6.2AI score0.0025EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder