Lucene search
K

2866 matches found

RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.2 views

CVE-2026-36923

Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/viewbooking.php...

2.7CVSS5.9AI score0.00225EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Microsoft SQL Server SQL注入漏洞

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...

7.8CVSS5.8AI score0.00299EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

itsourcecode Construction Management System SQL注入漏洞

itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Name” in th...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 3:31 p.m.6 views

EUVD-2026-21386

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

5.9AI score0.00319EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 3:16 p.m.8 views

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

9.8CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:51 a.m.10 views

CVE-2026-33088

Movable Type (Six Apart Ltd.) has a SQL Injection vulnerability (CVE-2026-33088) that could allow an attacker to execute arbitrary SQL statements. Affected product/version details are not fully specified in the initial doc, but multiple connected sources confirm the flaw and provide remediation g...

9.8CVSS7.3AI score0.00349EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Advanced Contact form 7 DB 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31108

Name of the Vulnerable Software and Affected Versions Movable Type affected versions not specified Description Movable Type contains an SQL Injection vulnerability that may allow an attacker to execute an arbitrary SQL statement. Recommendations At the moment, there is no information about a newe...

7.3CVSS7.4AI score0.00349EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.7 views

CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

9.8CVSS5.9AI score0.08741EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

News Website Script SQL注入漏洞

News Website Script is a website-building system script from the PHP Scripts Mall community. Version 2.0.5 of News Website Script contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the news ID parameter, which could allow unverified attackers to manipulate...

8.8CVSS5.9AI score0.004EPSS
Exploits1References3
OSV
OSV
added 2026/04/03 1:27 p.m.4 views

JLSEC-2026-34

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. A...

4.3CVSS7.2AI score0.01187EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual FAQ system developed by Thorsten Rinne. It is entirely database-driven. Versions of phpMyFAQ prior to 4.1.1 contained a security vulnerability; this vulnerability stemmed from the lack of escaping of SQL LIKE wildcards in search queries, which could lead to information...

6.9CVSS5.8AI score0.00336EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Umami SQL注入漏洞

Umami is a lightweight analysis platform provided by Umami Inc., which offers features for website access statistics and user behavior analysis. Umami has a SQL injection vulnerability, which stems from improper cleaning of the timezone request parameters. This vulnerability may lead to SQL...

9.3CVSS5.8AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.7 views

CVE-2026-4900

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and...

6.9CVSS5.8AI score0.00433EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 3:1 a.m.4 views

CVE-2026-4910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. It is possible to launch the attack...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/26 9:56 p.m.26 views

CVE-2026-4900 code-projects Online Food Ordering System localhost.sql privilege escalation

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and...

6.9CVSS0.00433EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.4 views

CVE-2026-32539

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through = 3.7.23...

9.3CVSS5.9AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-31827

Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL e.g., 30 seconds, the TTL index is...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 2:31 a.m.11 views

CVE-2026-4838

SourceCodester Malawi Online Market 1.0 contains a SQL injection in an unknown function within /display.php triggered by manipulating the argument ID. This allows remote exploitation and an exploit has been published. The CVE notes the impact as low for confidentiality/integrity/availability with...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/03/23 11:38 p.m.6 views

CVE-2026-4614

CVE-2026-4614 : A vulnerability in itsourcecode sanitization/validation affects the Parameter Handler’s processing of /admin/subjects.php, where manipulation of the subject_code argument enables SQL injection. The issue can be exploited remotely and exploit details have been publicly disclosed. C...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References5
Rows per page
Query Builder