Lucene search
K

1414 matches found

NVD
NVD
added 6 hours ago3 views

CVE-2026-57832

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS
Exploits0References2
CVE
CVE
added 8 hours ago9 views

CVE-2026-15804

The CVE-2026-15804 entry concerns MetaGuru’s HCM Product with a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands through specific parameters, compromising database confidentiality, integrity, and availability. The connected records confirm affected component as ...

8.8CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 13 hours ago5 views

CVE-2026-11851

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-59515

CVE-2026-59515 affects the WordPress AIWU plugin (ai-copilot-content-generator) and is due to an improper neutralization of special elements in SQL commands , enabling Blind SQL Injection . Affected versions are WordPress AIWU plugin ≤ 1.5.4. The CVSS‑3.1 base score is 9.3 (CRITICAL) with network...

9.3CVSS6.1AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 3 days ago3 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References4
NVD
NVD
added 5 days ago4 views

CVE-2026-55405

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...

7.6CVSS0.00348EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 12:0 a.m.6 views

CVE-2026-39179

SOGo

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 7:21 a.m.11 views

CVE-2026-14809

CVE-2026-14809 affects PROG MIS’s Prog Management System. The connected CVE records confirm an SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands and read database contents. The description does not specify the exact vulnerable component, versi...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 10:16 p.m.10 views

CVE-2026-14657

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS0.00319EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 9:45 p.m.9 views

CVE-2026-14657

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/04 9:45 p.m.13 views

CVE-2026-14657

CVE-2026-14657 describes a SQL injection flaw in the code-projects Assessment Management 1.0, affecting the Database Query Handler. The vulnerability arises from how the argument squestions[] is processed in the file /lecturer/marking-scheme.php, enabling remote exploitation. The exploit is publi...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 9:45 p.m.44 views

CVE-2026-14657 code-projects Assessment Management Database Query marking-scheme.php sql injection

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS0.00319EPSS
Exploits0References6
NVD
NVD
added 2026/07/04 9:17 p.m.8 views

CVE-2026-14652

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.14 views

PT-2026-55737

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An SQL injection flaw exists in the Database Query Handler component due to improper processing of the /lecturer/marking-scheme.php endpoint. A remote attacker can exploit this by...

6.5CVSS6.7AI score0.00319EPSS
Exploits0References9
NVD
NVD
added 2026/07/02 6:16 a.m.8 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

4.9CVSS0.00288EPSS
Exploits0References6
NVD
NVD
added 2026/06/28 7:16 p.m.15 views

CVE-2026-49048

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

9.8CVSS0.00505EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/28 6:37 p.m.42 views

CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

8.7CVSS0.00505EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/28 9:45 a.m.8 views

EUVD-2026-39986

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument courseyearsection can lead to sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
Rows per page
Query Builder