Lucene search
K

31121 matches found

Nuclei
Nuclei
added 12 hours ago163 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS6.1AI score0.00932EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
Nuclei
Nuclei
added 12 hours ago89 views

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.1AI score0.15806EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago53 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.5AI score0.02316EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago34 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS7AI score0.01643EPSS
Exploits0References2
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-43622

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS6.5AI score
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-61955

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.3CVSS0.004EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-59518

CVE-2026-59518 affects the WordPress Directorist plugin (Directorist) versions up to 8.8.2. It is a PHP object-injection vulnerability caused by deserialization of untrusted data, with CVSS v3.1 base score 9.8 (Network, Low attack complexity, No privileges, No user interaction; Confidentiality/In...

9.8CVSS6.1AI score0.00564EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-57714

CVE-2026-57714 is a SQL injection vulnerability in the WordPress LatePoint plugin (versions up to and including 5.6.3). The issue arises from improper neutralization of SQL elements, enabling Blind SQL Injection. The affected component is the LatePoint plugin for WordPress; no vendor/version deta...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-57371 WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through = 7.0...

8.8CVSS0.00518EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday195 views

rConfig 3.9 - SQL Injection

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. id: CVE-2020-10220 info: name: rConfig 3.9 - SQL Injection author: ritikchaddha,theamanrawat severity: critical description: | An issue was discovered i...

9.8CVSS7AI score0.99683EPSS
Exploits14References5
CVE
CVE
added 2 days ago15 views

CVE-2026-15494

AMTT Hotel Broadband Operation System 1.0 contains a SQL injection flaw in an unknown function of file manager/network/switch_status.php. Manipulating the argument ID remotely can lead to SQL injection. An exploit has been published and may be used; vendor contact occurred with no response. Docum...

5.8CVSS6AI score0.00202EPSS
Exploits0References5
NVD
NVD
added 3 days ago7 views

CVE-2026-60090

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store createcollection backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value declared as int but not enforced at runtime is...

9.8CVSS0.0041EPSS
Exploits0References3
CVE
CVE
added 4 days ago14 views

CVE-2026-15081

CVE-2026-15081 affects Drupal Location Selector module (versions 0.0.0–1.3.0). The vulnerability arises from a Views filter that does not sufficiently sanitize user input, allowing improper neutralization of special elements in an SQL command (SQL Injection). Impact is_high confidentiality and in...

7.4CVSS6.1AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15081 Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

0.00194EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42972

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS6.1AI score0.00404EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42965

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not...

9.8CVSS6.1AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42869

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42840

The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References5
Rows per page
Query Builder