457916 matches found
EUVD-2026-37049
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...
CVE-2026-52712
CVE-2026-52712 affects the WordPress Attendance Manager plugin version <= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...
CVE-2026-39581 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
EUVD-2026-37047
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
CVE-2026-39581
CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions
EUVD-2026-37046
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
CVE-2026-39574
CVE-2026-39574 : Unauthenticated SQL injection in the WordPress InPost Gallery plugin, affected versions ≤ 2.1.4.6. Root cause and exact exploit details are not provided in the documents; CVSS v3.1 base score 9.3 (CRITICAL, NETWORK, no privileges required, user interaction: none). No remediation ...
CVE-2026-39574 WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...
CVE-2026-5416 Command Injection via name parameter
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...
CVE-2026-5416
The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...
EUVD-2026-37042
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...
CVE-2026-8444
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...
SUSE-SU-2026:2408-1 Security update for perl-HTTP-Daemon
This update for perl-HTTP-Daemon fixes the following issues: - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
Apache Log4j2 Remote Code Injection
Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...
Hikvision IP camera/NVR - Remote Command Execution
Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. id: CVE-2021-36260 info: name: Hikvisio...
Jenkins - Remote Command Injection
Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...
Atlassian Bitbucket - Remote Command Injection
Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...