Lucene search
K

6602 matches found

Nuclei
Nuclei
added yesterday52 views

Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.8AI score0.01231EPSS
Exploits3References2
NVD
NVD
added 3 days ago5 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
CVE
CVE
added 3 days ago6 views

CVE-2026-14475

The CVE-2026-14475 entry relates to the WordPress plugin “WPLP Cookie Consent” (GDPR/CCPA banner) with a SQL Injection vulnerability via the scan_id parameter in all versions up to 4.3.6. The root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the exis...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-14475 Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References8
NVD
NVD
added 3 days ago6 views

CVE-2026-5069

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS0.00176EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-59224

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-57034

Name of the Vulnerable Software and Affected Versions YesWiki version 4.6.5 Description An issue exists in the Bazar widget handler where the id GET parameter is reflected into HTML attributes using only the strip tags function. Since strip tags does not escape double quotes, an unauthenticated...

6.1CVSS6.3AI score0.00039EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 12:30 a.m.5 views

EUVD-2026-41785

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 10:45 p.m.30 views

CVE-2026-14775 SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 10:0 p.m.33 views

CVE-2026-14772 SourceCodester Class and Exam Timetabling System edit_course1.php sql injection

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 10:0 p.m.14 views

CVE-2026-14772

CVE-2026-14772 affects SourceCodester Class and Exam Timetabling System 1.0/1.php. The vulnerability is a SQL injection in the edit_course1.php file, triggered by manipulating the ID parameter, indicating an unsafe query construction in that function. The issue is exploitable remotely and the pub...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 9:0 p.m.15 views

CVE-2026-14770

The CVE-2026-14770 entry affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in the /edit_room.php script caused by manipulating the ID parameter, allowing remote initiation of an attack. This is supported by multiple connected sources that describe...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 11:30 a.m.7 views

EUVD-2026-41750

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 9:15 a.m.17 views

CVE-2026-14734

SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection flaw in the edit_product.php file (vulnerable function handling ID). The vulnerability arises from manipulating the ID parameter, enabling remote exploitation. Exploitation details are published (in-the-wild PoC), with ...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 9:0 a.m.16 views

CVE-2026-14733

CVE-2026-14733 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability involves manipulation of the ID parameter in /edit_coursea.php leading to SQL injection. It is exploitable remotely and the exploit is public. CVSS metrics indicate high impact with network access, low ...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.8 views

PT-2026-55822

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit room.php file where manipulating the ID argument allows for SQL injection, a technique used to interfere with the queries that an application...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55823

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit exam1.php file where a manipulation of the ID argument can lead to SQL injection, a technique used to interfere with the queries that an...

7.5CVSS7.2AI score0.00269EPSS
Exploits0References8
NVD
NVD
added 2026/07/04 9:17 p.m.8 views

CVE-2026-14654

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 9:0 p.m.30 views

CVE-2026-14654 SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injection

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
Rows per page
Query Builder