Lucene search
K

712 matches found

CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

Grocery Crud security vulnerability

Grocery Crud is an open-source software development tool created by Grocery Crud. Version 1.6.4 of Grocery Crud contains a security vulnerability, which stems from SQL injection in the orderby parameter, potentially allowing for manipulation of database queries...

9.1CVSS5.8AI score0.00531EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/09 4:18 p.m.20 views

CVE-2026-22197 GestSup < 3.2.60 Multiple SQL Injections in Asset List

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...

7.5CVSS0.00298EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.16 views

CVE-2021-33688

SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...

4.3CVSS6.8AI score0.00631EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.6 views

PT-2026-2169

Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description GestSup versions up to and including 3.2.56 contain a SQL injection issue in the ticket creation functionality. User-controlled input during ticket creation is used in SQL queries without...

7.7CVSS7.1AI score0.00288EPSS
Exploits0References5
CVE
CVE
added 2026/01/01 6:30 p.m.17 views

CVE-2025-55065

CVE-2025-55065 is a SQL injection flaw (CWE-89) caused by improper neutralization of special elements in SQL commands. Connected sources reference Kopek Reem ReKord Client and general SQLi impact; no concrete affected versions or patches are specified in the provided documents. Exploitation detai...

7.5CVSS7.3AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2025/12/30 10:41 p.m.16 views

CVE-2023-54163

CVE-2023-54163 affects NLB mKlik Macedonia 3.3.12, where a SQL injection vulnerability exists in the international transfer parameters. The root cause is unsanitized input allowing arbitrary SQL execution, potentially exposing sensitive data from the mobile banking application. The CVSSv3.1 vecto...

8.8CVSS7.4AI score0.00295EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/12/17 11:15 p.m.21 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

9.8CVSS0.0051EPSS
Exploits1References3
OSV
OSV
added 2025/12/17 11:15 p.m.5 views

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

8.7CVSS5.9AI score0.0051EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.12 views

PT-2025-51869

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A SQL injection issue exists in the src/UserEditor.php file. When an administrator saves a user’s configuration settings, the keys of the type...

7.2CVSS7.8AI score0.00346EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/05 9:34 p.m.9 views

CVE-2023-53734

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...

8.7CVSS7.6AI score0.00463EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 9:16 p.m.7 views

CVE-2023-53734

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...

8.7CVSS0.00463EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.6 views

PT-2025-49129

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...

8.7CVSS7.6AI score0.00463EPSS
Exploits0References6
OSV
OSV
added 2025/12/03 7:15 p.m.2 views

DEBIAN-CVE-2025-12819

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...

8.1CVSS8AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.5 views

CVE-2025-13596

A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...

6.9CVSS7AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 6:31 a.m.5 views

EUVD-2025-199709

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...

8.6CVSS7.4AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/24 7:30 a.m.25 views

EUVD-2025-198625

A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...

6.9CVSS6.5AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.7 views

PT-2025-47890

A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...

6.9CVSS7AI score0.00334EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 12:0 a.m.19 views

CVE-2025-60798

CVE-2025-60798 affects phpPgAdmin 7.13.0 and earlier. The vulnerability is a SQL injection in display.php (line 396) where user-controlled input from $_REQUEST['query'] is passed directly to browseQuery without sanitization. An authenticated attacker can manipulate the query to execute arbitrary ...

6.5CVSS8AI score0.0025EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/11/07 12:24 p.m.5 views

Malicious Package

Overview MCDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and target industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...

9.8CVSS7.2AI score
Exploits0References2
Snyk
Snyk
added 2025/11/07 12:24 p.m.4 views

Malicious Package

Overview SqlUnicornCoreTest is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and target industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023...

9.8CVSS7.2AI score
Exploits0References2
Rows per page
Query Builder