457916 matches found

EUVD
added 2026/06/16 9:00 a.m. | 7 views

EUVD-2026-37049

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions...

CVSS 7.6 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 1
CVE
added 2026/06/16 9:00 a.m. | 11 views

CVE-2026-52712

CVE-2026-52712 affects the WordPress Attendance Manager plugin version <= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...

CVSS 7.6 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 1
Cvelist
added 2026/06/16 9:00 a.m. | 26 views

CVE-2026-39581 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions...

CVSS 8.5 | EPSS 0.0027
Exploits: 0 | References: 1
EUVD
added 2026/06/16 9:00 a.m. | 6 views

EUVD-2026-37047

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions...

CVSS 8.5 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1
CVE
added 2026/06/16 9:00 a.m. | 8 views

CVE-2026-39581

CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions

CVSS 8.5 | AI score 5.7 | EPSS 0.0027
Exploits: 0 | References: 1
EUVD
added 2026/06/16 9:00 a.m. | 7 views

EUVD-2026-37046

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions...

CVSS 9.3 | AI score 5.8 | EPSS 0.00234
Exploits: 0 | References: 1
CVE
added 2026/06/16 9:00 a.m. | 17 views

CVE-2026-39574

CVE-2026-39574: Unauthenticated SQL injection in the WordPress InPost Gallery plugin, affected versions ≤ 2.1.4.6. Root cause and exact exploit details are not provided in the documents; CVSS v3.1 base score 9.3 (CRITICAL, NETWORK, no privileges required, user interaction: none). No remediation ...

CVSS 9.3 | AI score 5.7 | EPSS 0.00234
Exploits: 0 | References: 1
Cvelist
added 2026/06/16 9:00 a.m. | 28 views

CVE-2026-39574 WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions...

CVSS 9.3 | EPSS 0.00234
Exploits: 0 | References: 1
Patchstack
added 2026/06/16 8:34 a.m. | 5 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions <= 12.6.8...

CVSS 8.8 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/16 8:32 a.m. | 8 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions <= 12.6.8...

CVSS 8.8 | AI score 5.8 | EPSS 0.00253
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/16 8:18 a.m. | 27 views

CVE-2026-5416 Command Injection via name parameter

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

CVSS 8.8 | EPSS 0.00771
Exploits: 0 | References: 1
CVE
added 2026/06/16 8:18 a.m. | 13 views

CVE-2026-5416

The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...

CVSS 8.8 | AI score 5.4 | EPSS 0.00771
Exploits: 0 | References: 1
EUVD
added 2026/06/16 8:18 a.m. | 9 views

EUVD-2026-37042

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

CVSS 8.8 | AI score 5.5 | EPSS 0.00771
Exploits: 0 | References: 1
NVD
added 2026/06/16 8:16 a.m. | 11 views

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenatin...

CVSS 8.8 | EPSS 0.00259
Exploits: 0 | References: 2
OSV
added 2026/06/16 7:57 a.m. | 3 views

SUSE-SU-2026:2408-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issues: - CVE-2026-8450: Fixed OS command injection via sendfile (bsc#1266370)...

CVSS 9.1 | AI score 5.2 | EPSS 0.01231
Exploits: 0 | References: 3
RedHat Linux
added 2026/06/16 7:53 a.m. | 5 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7.1 | AI score 6.5 | EPSS 0.00308
Exploits: 0 | References: 7
Nuclei
added 2026/06/16 7:13 a.m. | 60 views

Apache Log4j2 Remote Code Injection

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...

CVSS 10 | AI score 8 | EPSS 0.99999
Exploits: 347 | References: 5
Nuclei
added 2026/06/16 7:13 a.m. | 717 views

Hikvision IP camera/NVR - Remote Command Execution

Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. id: CVE-2021-36260 info: name: Hikvisio...

CVSS 9.8 | AI score 8.5 | EPSS 0.99869
Exploits: 23 | References: 5
Nuclei
added 2026/06/16 7:13 a.m. | 434 views

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

CVSS 10 | AI score 7.4 | EPSS 0.98326
Exploits: 5 | References: 5
Nuclei
added 2026/06/16 7:13 a.m. | 58 views

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

CVSS 8.8 | AI score 9 | EPSS 0.99174
Exploits: 24 | References: 5