Lucene search
+L

755 matches found

Cvelist
Cvelist
added 2026/06/19 4:38 p.m.32 views

CVE-2017-20276 Joomla! Component SIMGenealogy 2.1.5 SQL Injection

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=comsimgenealogy, view=latest parameters...

8.8CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 4:16 p.m.16 views

CVE-2017-20259

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comosdownloads&view=item&id=SQL to extract sensiti...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.20 views

CVE-2017-20252

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=comnge&view=config and inject malicious SQL code in the plname paramet...

8.8CVSS0.00323EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 3:51 p.m.23 views

CVE-2017-20262

CVE-2017-20262 affects the Joomla! extension Ajax Quiz (version 1.8). The vulnerability is an SQL injection in the cid parameter, exploitable via GET requests to index.php with option=com_ajaxquiz and view=ajaxquiz. An unauthenticated attacker can execute arbitrary SQL and retrieve sensitive data...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 3:47 p.m.20 views

CVE-2017-20261

CVE-2017-20261 affects Joomla! Component Bargain Product VM3 1.0. It is an SQL injection vulnerability in the product_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by injecting code via GET requests to the brainy and alice views, enabling extraction of sensit...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 3:27 p.m.34 views

CVE-2017-20255 Joomla! Component JB Visa 1.0 SQL Injection via visatype

Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...

8.8CVSS0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50960

Name of the Vulnerable Software and Affected Versions Joomla Payage version 2.05 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to the 'index.php' endpoint with malicious...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/18 5:34 a.m.15 views

EUVD-2026-37844

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00369EPSS
Exploits0References14
CVE
CVE
added 2026/06/15 8:18 p.m.22 views

CVE-2026-48874

The CVE documents an SQL Injection in WordPress GamiPress plugin versions

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36811

Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 p.m.20 views

CVE-2016-20069

CVE-2016-20069 affects WordPress plugin WordPress Booking Calendar Contact Form 1.0.23. It contains an unauthenticated blind SQL injection in the shortcode function where the calendar parameter is not sanitized before being used in database queries. This allows an attacker to inject SQL commands ...

8.8CVSS6.2AI score0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 6:0 a.m.46 views

CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

0.00969EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.14 views

CVE-2026-11484

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS7AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:57 a.m.8 views

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:20 a.m.32 views

CVE-2026-44744

Affected software : SAP S/4HANA On-Premise. Vulnerability : SQL injection in a remote-enabled function module component. Root cause / what’s vulnerable : An authenticated attacker could influence SQL queries via the affected function module, potentially enabling unauthorized database queries. Imp...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

WordPress plugin Wow Forms SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47762

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
NVD
NVD
added 2026/06/08 12:16 p.m.15 views

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS0.002EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

CodeAstro Student Attendance Management System 注入漏洞

CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter className in...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 8:17 p.m.18 views

CVE-2026-45779

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...

9.8CVSS0.00479EPSS
Exploits0References4
Rows per page
Query Builder