Lucene search
+L

31171 matches found

EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-45443

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /editsubject.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...

7.5CVSS7.1AI score
Exploits0References6
Nuclei
Nuclei
added 12 hours ago58 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.1AI score0.02316EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago93 views

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS8.8AI score0.15806EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago166 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS5.2AI score0.00932EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago36 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS8.8AI score0.01643EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago38 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
OSV
OSV
added 2 days ago4 views

CVE-2026-12283 SQL injection in Amazon Athena Synapse connector

Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL...

6.1CVSS6AI score0.00432EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2 days ago11 views

oapi-codegen: OpenAPI Server Description Escapes Generated Go Comment and Injects Executable Code

Summary The vulnerability in oapi-codegen seems to be similar with CVE-2026-22785, which is a generated-code injection issue where untrusted OpenAPI summary text is embedded into generated TypeScript MCP server source without proper escaping. oapi-codegen has a similar vulnerability in its server...

9.8CVSS6.2AI score0.00709EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60808

Name of the Vulnerable Software and Affected Versions GisLab Laboratory Management System versions 1.4.03 through 08072026 Description An unauthenticated SQL injection exists in the web application backend due to improper neutralization of special elements used in SQL commands. This occurs when...

9.8CVSS6AI score0.0026EPSS
Exploits0References3
CVE
CVE
added 3 days ago17 views

CVE-2026-58078

CVE-2026-58078 affects the Joomla extension Quix Page Builder Pro (vulnerable

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-13767

CVE-2026-13767 affects the Quiz Master Next WordPress plugin up to version 11.2.0. The issue is a stored SQL injection in the quiz page data via the ‘pages’ parameter, persisted by qsm_ajax_save_pages() and interpolated into an IN() clause in qsm_options_questions_tab_content() without proper pre...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-12941

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-45417

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...

8.7CVSS0.00227EPSS
Exploits0References3
CVE
CVE
added 4 days ago27 views

CVE-2026-52887

NocoBase before version 2.0.61 is affected by CVE-2026-52887 due to a SQL injection in the in-app notification plugin. The flaw occurs in GET /api/myInAppChannels:list where filter[latestMsgReceiveTimestamp][$lt] is interpolated into a Sequelize.literal() without escaping or parameter binding, en...

10CVSS6.2AI score0.00593EPSS
Exploits0References3
CVE
CVE
added 4 days ago12 views

CVE-2026-45320

DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...

8.7CVSS6.1AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 4 days ago7 views

CVE-2026-45417 DataEase: SQL injection vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...

8.7CVSS6.2AI score0.00227EPSS
Exploits0References5
OSV
OSV
added 4 days ago4 views

CVE-2026-55723

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS5.7AI score
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-55723

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS0.00293EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-44599

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44598

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References2
Rows per page
Query Builder