Lucene search
K

2866 matches found

NVD
NVD
added 2026/03/23 10:16 a.m.2 views

CVE-2026-4581

A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The explo...

9.8CVSS0.00354EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26926

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

8.8CVSS6.3AI score0.00377EPSS
Exploits1References5
NVD
NVD
added 2026/03/20 8:16 p.m.3 views

CVE-2026-4504

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/20 2:9 a.m.22 views

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

8CVSS0.00279EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11969

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...

8.5CVSS5.8AI score0.00225EPSS
Exploits0References2
Wordfence Blog
Wordfence Blog
added 2026/03/10 4:34 p.m.12 views

400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin

On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Drew Webber...

7.5CVSS7AI score0.02289EPSS
Exploits1
Redos
Redos
added 2026/03/10 12:0 a.m.7 views

ROS-20260310-73-0002

A vulnerability in the MySQL and MariaDB database management system is related to information disclosure. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data...

6.8CVSS5.8AI score0.00431EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/09 6:2 a.m.2 views

CVE-2026-3806 SourceCodester/janobe Resort Reservation System room_rates.php sql injection

A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /roomrates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/02 4:19 p.m.2 views

CVE-2026-28399 NocoDB: SQL Injection via DATEADD Formula

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...

8.6CVSS6AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.8 views

CGM NETRAAD SQL注入漏洞

CGM NETRAAD is a radiology information system and imaging archiving system developed by the German company CGM. Versions of CGM NETRAAD prior to 7.9.0 contained a SQL injection vulnerability. This vulnerability arises from handling C-FIND queries, potentially allowing unauthorized access to the...

8.8CVSS5.9AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/25 4:32 a.m.27 views

CVE-2026-3150 itsourcecode College Management System display-teacher.php sql injection

A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacherid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS0.00265EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

itsourcecode News Portal Project SQL注入漏洞

itsourcecode News Portal Project is an open-source news portal project developed by itsourcecode. Version 1.0 of the itsourcecode News Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References5
CNVD
CNVD
added 2026/02/11 12:0 a.m.3 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14679)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from a possible server crash whe...

7.5CVSS6.9AI score0.00387EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 4:15 a.m.7 views

CVE-2026-2212

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. Th...

9.8CVSS0.00323EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.7 views

Code-Projects Social Networking Site SQL注入漏洞

Code-Projects Social Networking Site is an open-source social networking site developed by Code-Projects. Version 1.0 of Code-Projects Social Networking Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file /deletepost.php, which...

9.8CVSS7.1AI score0.00323EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/03 10:55 p.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the sorting parameter. An attacker can execute arbitrary code and insert malicious database content by manipulating crafted URLs. Remediation Upgrade oxid-esales/oxideshop-ce to version 6.3.4 or higher. References -...

8.8CVSS6.3AI score0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.27 views

CVE-2020-37081 Fishing Reservation System 7.5 - 'uid' SQL Injection

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

7.1CVSS0.00198EPSS
Exploits0References4
CNVD
CNVD
added 2026/02/03 12:0 a.m.1 views

SQL Injection Vulnerability in SQLBot of Hangzhou Feizhiyun Information Technology Co.

SQLBot is an intelligent questioning system based on large models and RAG. Hangzhou Feizhiyun Information Technology Co., Ltd SQLBot suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-36365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage...

7.5CVSS6.6AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/31 12:30 a.m.7 views

EUVD-2025-206550

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query...

6.5CVSS5.9AI score0.00347EPSS
Exploits0References2
Rows per page
Query Builder