Lucene search
K

9896 matches found

NVD
NVD
added 13 hours ago4 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS
Exploits0References1
NVD
NVD
added 13 hours ago3 views

CVE-2026-57739

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

9.3CVSS
Exploits0References1
EUVD
EUVD
added 14 hours ago6 views

EUVD-2026-43293

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

8.6CVSS6.2AI score
Exploits0References2
CVE
CVE
added 14 hours ago11 views

CVE-2026-57773

The CVE-2026-57773 entry covers a SQL Injection vulnerability in the WordPress plugin “WooCommerce Advanced Shipment Tracking” (woo-advanced-shipment-tracking) up to version 4.0. The issue is described as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) that l...

7.6CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-57714 WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through = 5.6.3...

9.3CVSS
Exploits0References1
CVE
CVE
added 14 hours ago4 views

CVE-2026-57385

Vulnerable software: WordPress Vitepos plugin (vitepos-lite) up to version 3.4.2. Root cause: improper neutralization of special elements in SQL commands enabling blind SQL injection. Impact: high (CVSS v3.1 base 8.5) with network-based attack, low complexity, low privileges, no user interaction;...

8.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 17 hours ago9 views

CVE-2026-12582

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

8.6CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added 18 hours ago37 views

Mitel MiCollab <= 9.8.0.33 - SQL Injection

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS7.2AI score0.98067EPSS
Exploits3References2
Nuclei
Nuclei
added 18 hours ago20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6.1AI score0.01473EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago23 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.8AI score0.01195EPSS
Exploits0References4
EUVD
EUVD
added 21 hours ago6 views

EUVD-2026-43265

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score
Exploits0References6
CVE
CVE
added 23 hours ago9 views

CVE-2026-15517

CVE-2026-15517 affects Jinher OA 1.0. The vulnerability resides in an unknown function within the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx, where manipulation of the httpOID argument enables a SQL injection. Remote exploitation is possible, and an exploit has been published. The vendor ...

7.5CVSS6.7AI score
Exploits0References5
CVE
CVE
added yesterday11 views

CVE-2026-15490

CVE-2026-15490 concerns RafyMrX TOKO-ONLINE-ROTI: SQL injection in the unknown functionality of the file pros es/add.php, via manipulation of the arguments kode_produk/kd_cs. The issue is exploitable remotely with no authentication (attack vector: NETWORK; complexity: LOW). Evidence indicates imp...

7.5CVSS6.7AI score0.00494EPSS
Exploits0References4
CVE
CVE
added yesterday13 views

CVE-2026-15489

The CVE-2026-15489 entry describes a SQL injection in RafyMrX TOKO-ONLINE-ROTI (up to commit ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99) via an input in the file proses/login.php where the Username argument is manipulated. The vulnerability is exploitable remotely, with a publicly available exploit...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References4
NVD
NVD
added yesterday9 views

CVE-2026-15477

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS0.00396EPSS
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00228EPSS
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-43200

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS5.9AI score0.00228EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday32 views

CVE-2026-15478 IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43157

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...

7.5CVSS6.1AI score0.00326EPSS
Exploits0References5
CVE
CVE
added 2 days ago12 views

CVE-2026-15335

The Booking Package WordPress plugin is vulnerable up to version 1.7.20 due to insufficient escaping on the email parameter in the REST endpoint /wp-json/booking-package/v1/request, allowing unauthenticated SQL injection. Root cause: user-supplied email input reaches the SQL sink without proper e...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References10
Rows per page
Query Builder