Lucene search
+L

1798 matches found

Nuclei
Nuclei
added yesterday60 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS9.1AI score0.99609EPSS
Exploits3References4
CVE
CVE
added yesterday5 views

CVE-2026-51083

Proxmox VE is affected: incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users with limited privileges to obtain hashed passwords via the cloudinit/dump API. The root cause is an access-control issue in the cloudinit/dump endpo...

6.5CVSS5.3AI score
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-44174

Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes that were used in its collection queries, allowing attackers to include arbitrary model methods in their queries. This includes methods with sensitive data such as password...

8.7CVSS0.0028EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-44174 Kirby: Arbitrary Method Call via REST API search and collection query endpoints

Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes that were used in its collection queries, allowing attackers to include arbitrary model methods in their queries. This includes methods with sensitive data such as password...

8.7CVSS0.0028EPSS
Exploits0References3
NVD
NVD
added 3 days ago10 views

CVE-2026-52888

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete...

6.8CVSS0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-62361 listmonk: SQL Injection in `/api/subscribers/export` bypasses table access control, leaking admin password hashes and SMTP credentials

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS0.00239EPSS
Exploits0References3
CVE
CVE
added 3 days ago7 views

CVE-2026-62361

CVE-2026-62361 affects listmonk prior to version 6.2.0. The vulnerability arises in the GET /api/subscribers/export endpoint, which injects a user-controlled query parameter into QuerySubscribersForExport without calling validateQueryTables, unlike GET /api/subscribers. An authenticated user with...

5.5CVSS6.2AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

CVE-2026-62361 listmonk: SQL Injection in `/api/subscribers/export` bypasses table access control, leaking admin password hashes and SMTP credentials

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS6.2AI score0.00239EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-52888 NocoBase: Sensitive Data Exposure via SQL Blacklist Bypass

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete...

6.8CVSS0.00269EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-52888 NocoBase: Sensitive Data Exposure via SQL Blacklist Bypass

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete...

6.8CVSS6.1AI score0.00269EPSS
Exploits0References5
CVE
CVE
added 3 days ago9 views

CVE-2026-52888

NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...

6.8CVSS6.1AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

0.00268EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-12512

CVE-2026-12512 affects the Quotes Llama WordPress plugin prior to 3.1.6. The root cause is improper sanitization/escaping of a user-supplied parameter before it is used in a SQL query, enabling unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the databas...

8.6CVSS6.2AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-12512

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

8.6CVSS6.2AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-44595

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

8.6CVSS6.2AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43293

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

8.6CVSS6.2AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-12582

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

8.6CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-12582 Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

0.00262EPSS
Exploits0References1
Veracode
Veracode
added 2026/07/10 8:21 a.m.7 views

Improper Authorization

Leantime is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks in the Users::getUser JSON-RPC API, where authenticated users can retrieve sensitive credential data for arbitrary user accounts, allowing attackers to obtain password hashes, TOTP secrets,...

8.6CVSS6.2AI score0.0025EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/09 8:57 p.m.33 views

CVE-2026-55208 Pimcore: SQL Injection via Column Name in DateFilter allows authenticated user to extract arbitrary database data including admin password hashes

Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST...

7.7CVSS0.00249EPSS
Exploits0References5
Rows per page
Query Builder