Lucene search
+L

3933 matches found

nuclei
nuclei
added yesterday104 views

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...

8.8CVSS7.1AI score0.05141EPSS
Exploits3References5
nuclei
nuclei
added yesterday38 views

KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection

The KiviCare Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS7AI score0.13515EPSS
Exploits2References5
cve
cve
added 2 days ago6 views

CVE-2026-62361

CVE-2026-62361 affects listmonk prior to version 6.2.0. The vulnerability arises in the GET /api/subscribers/export endpoint, which injects a user-controlled query parameter into QuerySubscribersForExport without calling validateQueryTables, unlike GET /api/subscribers. An authenticated user with...

5.5CVSS6.2AI score0.00239EPSS
Exploits0References3
cve
cve
added 2 days ago11 views

CVE-2026-12512

CVE-2026-12512 affects the Quotes Llama WordPress plugin prior to 3.1.6. The root cause is improper sanitization/escaping of a user-supplied parameter before it is used in a SQL query, enabling unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the databas...

8.6CVSS6.2AI score0.00268EPSS
Exploits0References1
nuclei
nuclei
added 2 days ago252 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.1AI score0.78812EPSS
Exploits7References4
nvd
nvd
added 3 days ago8 views

CVE-2026-62422

In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS0.00346EPSS
Exploits0References1
cve
cve
added 3 days ago33 views

CVE-2026-62422

CVE-2026-62422 affects JetBrains YouTrack, with authentication bypass via direct database access that enables administrative access. Affects: YouTrack builds listed in the entry (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The entry does not pr...

10CVSS6.1AI score0.00346EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago27 views

CVE-2026-62422

In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS0.00346EPSS
Exploits0References1
nuclei
nuclei
added 3 days ago32 views

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...

9.8CVSS7.2AI score0.86706EPSS
Exploits1References2
ptsecurity
ptsecurity
added 3 days ago8 views

PT-2026-58006

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13757 JetBrains YouTrack versions prior to 2025.3.148033 JetBrains YouTrack versions prior to 2025.2.148048 JetBrains YouTrack versions prior to 2025.1.148120 JetBrains YouTrack versions prior to...

10CVSS6.1AI score0.00346EPSS
Exploits0References5
nessus
nessus
added 4 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQ...

7.2CVSS6.2AI score0.00677EPSS
Exploits1References3
nvd
nvd
added last week7 views

CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS0.00677EPSS
Exploits1References4
osv
osv
added last week4 views

UBUNTU-CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS6.2AI score0.00677EPSS
Exploits1References6
cve
cve
added last week18 views

CVE-2026-53448

Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...

7.2CVSS6.2AI score0.00677EPSS
Exploits1References4Affected Software1
fedora
fedora
added 2026/07/10 12:53 a.m.9 views

[SECURITY] Fedora 44 Update: php-8.5.8-1.fc44

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.9AI score
Exploits0
cvelist
cvelist
added 2026/07/09 10:18 p.m.36 views

CVE-2026-59832 SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS0.00316EPSS
Exploits0References3
nvd
nvd
added 2026/07/09 3:16 p.m.6 views

CVE-2026-56292

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/07/09 1:49 p.m.4 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2
euvd
euvd
added 2026/07/09 1:49 p.m.6 views

EUVD-2026-42591

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2
cve
cve
added 2026/07/09 1:49 p.m.18 views

CVE-2026-56292

The CVE describes an SQL injection in the AcyMailing extension for Joomla, affecting versions older than 10.11.1. The underlying issue is a SQL query handling flaw in the AcyMailing component, allowing an attacker to achieve unauthorized database access and potential data leakage . Products: Joom...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder