Lucene search
K

489 matches found

NVD
NVD
added 2026/06/29 2:16 p.m.12 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/19 5:11 p.m.19 views

CVE-2019-25751 Joomla J-ClassifiedsManager 3.0.5 SQL Injection

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch...

8.8CVSS0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:11 p.m.14 views

CVE-2019-25751

CVE-2019-25751 affects Joomla’s J-ClassifiedsManager component, version 3.0.5. The vulnerability is an SQL injection in the displayads flow that does not require authentication. An attacker can inject malicious SQL through POST parameters, specifically categorySearch, adType, and citySearch, to e...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/19 5:11 p.m.6 views

CVE-2019-25751 Joomla J-ClassifiedsManager 3.0.5 SQL Injection

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50987

Name of the Vulnerable Software and Affected Versions J-ClassifiedsManager version 3.0.5 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. By submitting crafted payloads to the 'displayads' component...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
NVD
NVD
added 2026/05/27 6:16 p.m.24 views

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

7.5CVSS0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 6:16 p.m.26 views

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

7.1CVSS0.00214EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.18 views

CVE-2026-48230

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS0.00212EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.20 views

CVE-2026-48218

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmname and frmid POST parameters directly into rendered HTML content a...

5.4CVSS0.00259EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.12 views

CVE-2026-48217

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

5.4CVSS0.00212EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.20 views

CVE-2026-48216

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

5.4CVSS0.00212EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:10 p.m.12 views

EUVD-2026-31317

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.42 views

CVE-2026-48236 Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in dbloader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database withou...

7.1CVSS0.00214EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 5:10 p.m.3 views

CVE-2026-48236 Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in dbloader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database withou...

7.1CVSS6.1AI score0.00214EPSS
Exploits0References5
OSV
OSV
added 2026/05/21 5:10 p.m.4 views

CVE-2026-48231 Open ISES Tickets < 3.44.2 SQL Injection via tables.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters tablename, indexname, sortby are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated...

7.1CVSS6.1AI score0.00214EPSS
Exploits0References5
CVE
CVE
added 2026/05/21 5:10 p.m.20 views

CVE-2026-48230

Open ISES Tickets before 3.44.2 is affected by a reflected XSS in ticketsmdb_import.php. An authenticated attacker can inject arbitrary JavaScript by passing unsanitized values through multiple POST parameters (mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix, ticketshost, ticketsdb, ticketsuser, ...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.44 views

CVE-2026-48230 Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS0.00212EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:10 p.m.10 views

EUVD-2026-31312

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 5:10 p.m.2 views

CVE-2026-48230 Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.1CVSS6AI score0.00212EPSS
Exploits0References5
Rows per page
Query Builder