Lucene search
K

1162 matches found

OSV
OSV
added 2026/03/08 1:16 p.m.6 views

CVE-2026-3736

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploi...

9.8CVSS5.7AI score0.00345EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/08 5:32 a.m.27 views

CVE-2026-3710 code-projects Simple Flight Ticket Booking System Adminadd.php sql injection

A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...

5.8CVSS0.00271EPSS
Exploits1References6
NVD
NVD
added 2026/03/07 6:16 a.m.6 views

CVE-2026-30830

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

6.1CVSS0.00252EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23706

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com playjoom&view=genre&catid=SQL to extract sensitive...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

AlmaLinux 9 : nginx:1.24 (ALSA-2026:3638)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3638 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/04 12:30 a.m.7 views

EUVD-2026-9339

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

5.8CVSS5.8AI score0.00351EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/03 9:2 p.m.4 views

CVE-2026-3486 itsourcecode College Management System student-fee.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument rollno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed t...

5.8CVSS5.8AI score0.00318EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/02 2:49 p.m.5 views

CVE-2025-50189 Chamilo: Error-based SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

7.2CVSS5.9AI score0.00733EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/02 2:47 p.m.6 views

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7CVSS6AI score0.00708EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/02 2:32 a.m.7 views

EUVD-2026-9139

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack...

7.5CVSS6.8AI score0.00333EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.7 views

CVE-2026-1198

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected]...

8.6CVSS6AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 11:27 a.m.7 views

CVE-2026-1198 SQL Injection in SIMPLE.ERP

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected]...

8.6CVSS5.8AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

koa 输入验证错误漏洞

Koa.js is an open-source project developed by Koa.js, which uses Node.js as an expressive middleware. Versions of Koa prior to 3.1.2 and 2.16.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper parsing of the HTTP Host header, which could lead ...

7.5CVSS7.3AI score0.00334EPSS
Exploits1References3
NVD
NVD
added 2026/02/25 6:16 a.m.9 views

CVE-2026-3152

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

9.8CVSS0.00379EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/25 12:2 a.m.5 views

CVE-2026-3135

A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

9.8CVSS5.4AI score0.00333EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.17 views

PT-2026-21877

Name of the Vulnerable Software and Affected Versions itsourcecode News Portal Project version 1.0 Description A SQL injection issue exists due to the improper handling of the pagetitle argument in the processing of the /admin/contactus.php file. This allows for remote attacks. The exploit has be...

9.8CVSS7AI score0.00371EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.6 views

SonicWALL TZ Insufficient Verification of Data Authenticity (CVE-2022-47522)

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept possibly cleartext target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point such as authentication...

7.5CVSS5.5AI score0.00897EPSS
Exploits1References5
NVD
NVD
added 2026/02/22 3:16 p.m.8 views

CVE-2026-2954

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

9.8CVSS0.00331EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.9 views

UJCMS 安全漏洞

UJCMS is a Java open-source content management system developed by dromara. Version UJCMS 10.0.2 contains a security vulnerability, which stems from incorrect handling of parameters driverClassName/url in files/api/backend/ext/import-data/import-channel, potentially leading to injection attacks...

9.8CVSS6.6AI score0.00331EPSS
Exploits0References5
NVD
NVD
added 2026/02/19 6:24 p.m.7 views

CVE-2026-23616

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to...

5.4CVSS0.00173EPSS
Exploits0References2
Rows per page
Query Builder