Lucene search
K

3472 matches found

Positive Technologies
Positive Technologies
โ€ขadded 2026/06/09 12:0 a.m.โ€ข11 views

PT-2026-47763

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References6
CNNVD
CNNVD
โ€ขadded 2026/06/09 12:0 a.m.โ€ข11 views

WordPress plugin KittyCatfish SQLๆณจๅ…ฅๆผๆดž

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References1
CVE
CVE
โ€ขadded 2026/06/08 7:30 p.m.โ€ข26 views

CVE-2026-11584

CodeAstro Student Attendance Management System 1.0 contains an SQL injection in /attendance-php/Admin/createClass.php?action=edit caused by unsafely manipulated ID parameter. The vulnerability is exploitable remotely and, per sources, an exploit has been publicized. No remediation details are pro...

6.5CVSS5.4AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
โ€ขadded 2026/06/08 12:30 p.m.โ€ข11 views

EUVD-2026-35056

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Ubuntu
Ubuntu
โ€ขadded 2026/06/08 11:33 a.m.โ€ข11 views

USN-8395-1: Netatalk vulnerabilities

Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. CVE-2026-44047 Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion...

9.9CVSS6.2AI score0.00516EPSS
Exploits0
EUVD
EUVD
โ€ขadded 2026/06/08 11:30 a.m.โ€ข14 views

EUVD-2026-35050

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
โ€ขadded 2026/06/08 4:0 a.m.โ€ข22 views

CVE-2026-11486

The CVE-2026-11486 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is in /archive1.php where manipulation of the argument sy leads to SQL injection. It enables remote exploitation, with the exploit publicly available. Documents do not specify affected versions beyo...

7.5CVSS7.1AI score0.00275EPSS
Exploits0References6
Vulnrichment
Vulnrichment
โ€ขadded 2026/06/08 12:30 a.m.โ€ข11 views

CVE-2026-11472 SourceCodester Class and Exam Timetabling System index1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/08 12:0 a.m.โ€ข14 views

PT-2026-47248

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An SQL injection issue exists in the /archive1.php endpoint. This occurs when the sy argument is manipulated, allowing for remote exploitation. SQL injection is a techniq...

7.5CVSS7.4AI score0.00275EPSS
Exploits0References11
Packet Storm News
Packet Storm News
โ€ขadded 2026/06/08 12:0 a.m.โ€ข17 views

ProjeQtor 12.4.3 SQL Injection Validator for Login Endpoints

This Python script is a defensive validation tool designed to identify potential SQL injection indicators in login functionality without modifying database contents or attempting exploitation...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/08 12:0 a.m.โ€ข16 views

PT-2026-47439

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home salary.php. The manipulation of the argument rate/salary rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References9
Packet Storm
Packet Storm
โ€ขadded 2026/06/08 12:0 a.m.โ€ข82 views

๐Ÿ“„ Revive Adserver 6.0.6 XSS / SQL Injection / Code Execution

Revive Adserver versions 6.0.6 and below exploitation framework that targets cross site scripting, remote SQL injection, remote code execution, and various other vulnerabilities...

6AI score0.00499EPSS
Exploits2
CVE
CVE
โ€ขadded 2026/06/07 7:15 a.m.โ€ข42 views

CVE-2026-11456

CVE-2026-11456 affects Chanjet CRM 1.0, specifically the HTTP GET Request Handlerโ€™s /tools/jxf_dump_systable.php. Manipulating the argument gblOrgID enables SQL injection, as described in the CVE. The vulnerability can be triggered remotely, and a publicly available exploit is indicated. Affected...

7.5CVSS7AI score0.0026EPSS
Exploits0References5
Cvelist
Cvelist
โ€ขadded 2026/06/06 3:15 p.m.โ€ข39 views

CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:45 p.m.โ€ข14 views

CVE-2026-31380

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.4AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:24 p.m.โ€ข10 views

CVE-2026-8132

A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txtusername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be...

7.5CVSS7AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:20 p.m.โ€ข11 views

CVE-2026-41883

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS5.6AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:20 p.m.โ€ข12 views

CVE-2026-41328

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1CVSS5.5AI score0.00338EPSS
Exploits1References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:14 p.m.โ€ข12 views

CVE-2026-40845

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:13 p.m.โ€ข9 views

CVE-2026-40839

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder