Lucene search
K

143 matches found

Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26924

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8CVSS6.2AI score0.00338EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.6 views

PT-2026-26928

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00324EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.10 views

PT-2026-26923

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

8.8CVSS6.2AI score0.00338EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/06 3:31 p.m.8 views

EUVD-2018-21621

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 1:16 p.m.6 views

CVE-2018-25191

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'modid' parameter. Attackers can send POST requests to the editarproducto.php endpoint with crafted SQL payloads in the modid...

7.1CVSS0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 1:15 p.m.7 views

CVE-2018-25161

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

8.8CVSS0.00225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:18 p.m.3 views

CVE-2018-25166

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.4 views

PT-2026-23678

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23701

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod id' parameter. Attackers can send POST requests to the editar producto.php endpoint with crafted SQL payloads in the mod...

7.1CVSS6.1AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.11 views

PT-2026-23673

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

8.8CVSS6.1AI score0.00225EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/23 9:42 p.m.4 views

EUVD-2025-204961

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...

9.4CVSS8.5AI score0.0376EPSS
Exploits1References3
NVD
NVD
added 2025/12/11 10:15 p.m.3 views

CVE-2024-58309

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...

9.8CVSS0.00506EPSS
Exploits1References3
Veracode
Veracode
added 2025/11/18 4:56 a.m.5 views

SQL Injection

Apache Flink CDC is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied identifiers, such as crafted database or table names, which allows an attacker to inject malicious SQL and manipulate queries within the application...

8.8CVSS7.2AI score0.00424EPSS
Exploits0References5Affected Software5
Snyk
Snyk
added 2025/10/09 1:42 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the quote function that fails to properly escape special characters. An attacker can execute arbitrary SQL commands by supplying specially crafted input values for database name or table names. Remediation Upgrade...

8.8CVSS8.6AI score0.00424EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/09 1:15 p.m.3 views

CVE-2025-62228 Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue...

5.1CVSS7.5AI score0.00424EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 1:15 p.m.10 views

CVE-2025-62228 Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue...

5.1CVSS0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.5 views

PT-2025-41380

Name of the Vulnerable Software and Affected Versions Apache Flink CDC version 3.4.0 Description The software is susceptible to a SQL injection due to maliciously crafted identifiers, such as a crafted database name or table name. The attack can only be triggered by a logged-in database user...

8.8CVSS7.4AI score0.00424EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-5262

Malware in sbrugna...

4.3CVSS6.4AI score0.01191EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-3684

Malicious code in bioql PyPI...

8CVSS8.7AI score0.02115EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2014-8326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticat...

3.5CVSS8.4AI score0.01519EPSS
Exploits1References2
Rows per page
Query Builder