Lucene search
K

9887 matches found

EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-43293

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

6.2AI score
Exploits0References2
CVE
CVE
added 5 hours ago10 views

CVE-2026-57773

The CVE-2026-57773 entry covers a SQL Injection vulnerability in the WordPress plugin “WooCommerce Advanced Shipment Tracking” (woo-advanced-shipment-tracking) up to version 4.0. The issue is described as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) that l...

7.6CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 5 hours ago3 views

CVE-2026-57714 WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through = 5.6.3...

9.3CVSS
Exploits0References1
CVE
CVE
added 5 hours ago2 views

CVE-2026-57385

Vulnerable software: WordPress Vitepos plugin (vitepos-lite) up to version 3.4.2. Root cause: improper neutralization of special elements in SQL commands enabling blind SQL injection. Impact: high (CVSS v3.1 base 8.5) with network-based attack, low complexity, low privileges, no user interaction;...

8.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2026-12582

The CVE affects the Library Management System WordPress plugin prior to version 3.5.8. The vulnerability arises because the plugin does not sanitize or escape a user-supplied parameter before using it in a SQL statement, enabling unauthenticated SQL injection via the book_id parameter. This can a...

6.2AI score
Exploits0References1
Nuclei
Nuclei
added 9 hours ago20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6.1AI score0.01473EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago23 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.8AI score0.01195EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago36 views

Mitel MiCollab <= 9.8.0.33 - SQL Injection

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS7.2AI score0.98067EPSS
Exploits3References2
EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-43265

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score
Exploits0References6
CVE
CVE
added 13 hours ago8 views

CVE-2026-15517

CVE-2026-15517 affects Jinher OA 1.0. The vulnerability resides in an unknown function within the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx, where manipulation of the httpOID argument enables a SQL injection. Remote exploitation is possible, and an exploit has been published. The vendor ...

7.5CVSS6.7AI score
Exploits0References5
CVE
CVE
added yesterday11 views

CVE-2026-15490

CVE-2026-15490 concerns RafyMrX TOKO-ONLINE-ROTI: SQL injection in the unknown functionality of the file pros es/add.php, via manipulation of the arguments kode_produk/kd_cs. The issue is exploitable remotely with no authentication (attack vector: NETWORK; complexity: LOW). Evidence indicates imp...

7.5CVSS6.7AI score0.00494EPSS
Exploits0References4
CVE
CVE
added yesterday13 views

CVE-2026-15489

The CVE-2026-15489 entry describes a SQL injection in RafyMrX TOKO-ONLINE-ROTI (up to commit ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99) via an input in the file proses/login.php where the Username argument is manipulated. The vulnerability is exploitable remotely, with a publicly available exploit...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References4
EUVD
EUVD
added yesterday7 views

EUVD-2026-43200

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS5.9AI score0.00228EPSS
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43157

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...

7.5CVSS6.1AI score0.00326EPSS
Exploits0References5
CVE
CVE
added 2 days ago11 views

CVE-2026-15335

The Booking Package WordPress plugin is vulnerable up to version 1.7.20 due to insufficient escaping on the email parameter in the REST endpoint /wp-json/booking-package/v1/request, allowing unauthenticated SQL injection. Root cause: user-supplied email input reaches the SQL sink without proper e...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References10
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43121

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-15081

CVE-2026-15081 affects the Drupal Location Selector module. The issue is an improper neutralization of inputs in a SQL command, enabling SQL injection via a Views filter that handles user input. Affected versions are Location Selector 0.0.0 through 1.3.0. Root cause: insufficient sanitization of ...

6.1AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-58225

This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-13010 JoomSport <= 5.7.9 - Authenticated (Contributor+) SQL Injection via 'event' Shortcode Attribute

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00254EPSS
Exploits0References4
Rows per page
Query Builder