Lucene search
+L

755 matches found

CVE
CVE
added 2026/05/27 7:59 a.m.19 views

CVE-2026-40848

CVE-2026-40848 describes an unauthenticated SQL injection in the tag view exploitable by a low-privilege remote attacker, caused by improper neutralization of SQL elements in a SELECT command. The primary impact stated is total confidentiality loss. Connected sources (NVD/CVELIST) corroborate the...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:47 a.m.18 views

CVE-2026-40815

CVE-2026-40815 describes an unauthenticated SQL injection vulnerability in the _mb24api_getUserAccount function. The issue arises from improper neutralization of special elements in a SQL SELECT command, allowing an unauthenticated remote attacker to potentially obtain total loss of confidentiali...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 12:0 a.m.17 views

EUVD-2026-32026

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43600

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a no...

7.1CVSS6AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Tainacan SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.3CVSS5.9AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 a.m.18 views

CVE-2026-9526

A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/editteam.php. The manipulation of the argument numid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be use...

7.5CVSS0.00319EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43390

CISA added an actively exploited Drupal SQL injection to its KEV catalog and gave federal agencies until Wednesday evening to patch. If you're running Drupal in production and haven't patched CVE-2025-50329, you're exposed to trivial database compromise. No auth required. cybersecurity infosec...

5.9AI score
Exploits0References1
EUVD
EUVD
added 2026/05/25 10:5 p.m.13 views

EUVD-2026-31759

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.8AI score0.00373EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 3:39 p.m.12 views

EUVD-2026-31705

SQL Injection affecting the Access Manager role...

6.6CVSS5.9AI score0.0034EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.25 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/25 11:16 a.m.158 views

dvwa_web_security_labs

DVWA Web Security Labs Project Description This project c...

6AI score
Exploits0
EUVD
EUVD
added 2026/05/25 12:45 a.m.13 views

EUVD-2026-31614

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 2:28 a.m.35 views

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

7.5CVSS5.9AI score0.00273EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.6 views

CVE-2026-48235

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 9:22 a.m.14 views

EUVD-2026-30861

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25333

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/16 4:16 p.m.10 views

CVE-2021-47980

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

7.1CVSS0.00226EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/16 1:56 a.m.15 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 7:16 p.m.11 views

CVE-2021-47966

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

8.8CVSS0.0027EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 6:44 p.m.4 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS6AI score0.00265EPSS
Exploits0References3
Rows per page
Query Builder