Lucene search
K

31101 matches found

EUVD
EUVD
added 2026/06/29 12:0 p.m.8 views

EUVD-2026-40076

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-505 Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

9.2CVSS6.1AI score0.01585EPSS
Exploits0References13
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-530 SciTokens is vulnerable to SQL Injection in KeyCache

Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...

9.8CVSS6.3AI score0.00492EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:14 a.m.5 views

BIT-PYTHON-MIN-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.7AI score0.00128EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 9:16 a.m.12 views

CVE-2026-13551

A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...

7.5CVSS0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 7:45 a.m.35 views

CVE-2026-13548 itsourcecode Hospital Management System doctortimings.php sql injection

A vulnerability was identified in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /doctortimings.php. The manipulation of the argument editid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might...

6.5CVSS0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53277

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /insertbillingrecord.php endpoint. This occurs when the patientid argument is manipulated, allowing a remote attacker to execute arbitrary SQL...

6.5CVSS6.9AI score0.002EPSS
Exploits0References8
NVD
NVD
added 2026/06/28 10:16 a.m.11 views

CVE-2026-13485

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

7.5CVSS0.00412EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 10:15 a.m.18 views

CVE-2026-13487

CVE-2026-13487 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in an unknown function of /archive.php caused by manipulation of the sy argument. It can be exploited remotely, and public exploit code is available. The CVSS-derived metrics indicat...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/28 9:45 a.m.8 views

EUVD-2026-39986

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument courseyearsection can lead to sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53106

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /adminprofile.php endpoint. This occurs when the loginid variable is manipulated, allowing a remote attacker to execute unauthorized database...

5.8CVSS5.9AI score0.00214EPSS
Exploits0References12
CVE
CVE
added 2026/06/27 1:27 a.m.16 views

CVE-2026-13333

CVE-2026-13333 affects the Groundhogg WordPress plugin up to version 4.5.5. The issue is a generic SQL injection in the query[select] path caused by insufficient escaping and inadequate preparation of the SQL query, allowing an authenticated attacker with Sales Representative-level access or high...

6.5CVSS6AI score0.00344EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/27 1:27 a.m.40 views

CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.0028EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:45 p.m.7 views

CVE-2026-0685

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

9.8CVSS6.7AI score0.00726EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57663

CVE-2026-57663 describes a SQL Injection vulnerability in the WordPress plugin Zip Recipes (Recipe Maker For Your Food Blog) versions

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57662

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57653

CVE-2026-57653 describes a SQL Injection vulnerability in the WordPress plugin WP Job Portal (versions

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57653 WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

Contributor SQL Injection in WP Job Portal = 2.5.2 versions...

8.5CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57642

The CVE-2026-57642 entry documents a Contributor SQL Injection in the WordPress Gallery plugin, affected in versions up to 4.7.8. The vulnerability targets the Gallery plugin’s SQL queries (contributor-related flow) and is tracked with CVSS 3.1: Network attack vector, low attack complexity, privi...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39747

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
Rows per page
Query Builder