Lucene search
K

957 matches found

EUVD
EUVD
added 21 hours ago5 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-13010

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00254EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-59832

SiYuan before 3.7.1 is affected by an authenticated path traversal in the /snippets/*filepath route (serveSnippets) where the handler in kernel/server/serve.go joins a single-decoded path with the snippets directory without subpath containment or sensitive-path checks, allowing requests like /sni...

7.7CVSS6AI score0.00316EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/06 12:0 a.m.7 views

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI token...

9.9CVSS5.8AI score0.00685EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/01 4:15 p.m.8 views

EUVD-2026-41062

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translatetext.php line 15: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 12:47 p.m.11 views

CVE-2026-7166

CVE-2026-7166 affects the Assassin game by Gaudire. The API and local database expose sensitive data via the email and telefon fields, including data on minors and municipal users. This unauthenticated remote access could compromise confidentiality (CVSS 4.0 base 9.2, HIGH impact). No exploit or ...

9.2CVSS5.9AI score0.00384EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:16 p.m.12 views

CVE-2019-25749

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guestadult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guestadu...

7.1CVSS0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:28 p.m.6 views

EUVD-2017-19000

Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.28 views

PT-2026-50933

Name of the Vulnerable Software and Affected Versions Joomla Survey Force Deluxe version 3.2.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the component containing crafted S...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References7
Nuclei
Nuclei
added 2026/06/15 7:3 a.m.11 views

YesWiki < 4.6.4 - Unauthenticated SQL Injection

YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...

5.8AI score0.0004EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:0 a.m.11 views

EUVD-2020-31249

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.13 views

EUVD-2018-21950

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 9:0 p.m.31 views

CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

7.1CVSS0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/05/30 2:55 p.m.25 views

CVE-2018-25419

AiOPMSD Final 1.0.0 is affected by an SQL injection in genre.php. The vulnerability allows unauthenticated attackers to send crafted SQL payloads via the genre parameter in GET requests to extract sensitive data (usernames, databases, version details). CVSS metrics are provided (3.1: 8.2 High; 4....

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 2:55 p.m.13 views

EUVD-2018-21941

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.38 views

CVE-2018-25401 The Open ISES Project 3.30A SQL Injection via sever_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to severgraph.php with crafted SQL payloads to extract sensitive databas...

8.8CVSS0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44872

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release id parameter of boards buttons/update release.php. The release id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 9:16 a.m.34 views

CVE-2026-40829

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:55 a.m.22 views

CVE-2026-40833

CVE-2026-40833 describes an unauthenticated SQL Injection in the saveDashboardLayout function of dash.php, allowing a low-privileged, remote attacker to read the entire database and insert data into a non-critical table. The issue arises from improper neutralization of user-supplied elements in a...

7.1CVSS6AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:52 a.m.12 views

EUVD-2026-32129

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder