Lucene search
K

6129 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 6:52 p.m.6 views

CVE-2026-48114 Metacat has an unauthenticated SQL injection vulnerability

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS5.6AI score0.0037EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 2:16 p.m.8 views

CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.29 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
Imperva Blog
Imperva Blog
added 2026/06/15 11:6 a.m.9 views

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49209

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/12 7:32 p.m.5 views

Missing Authorization

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the DataHandler. An attacker can execute unauthorized database queries and gain elevated privileges by directly manipulating form definition records, bypassin...

8.7CVSS5.5AI score0.00244EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 7:32 p.m.18 views

TYPO3 CMS has Broken Access Control in its Form Framework

Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...

7.6CVSS6AI score0.00253EPSS
Exploits0References7Affected Software2
Snyk
Snyk
added 2026/06/12 7:32 p.m.4 views

Missing Authorization

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted files that execute...

8.8CVSS6.1AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:27 a.m.19 views

CVE-2026-48613

Affects phpBB forums that were upgraded from versions prior to 3.3.8 and have not been updated to 3.3.11 or newer. The issue lies in the profile field migration process where user-supplied profile field data is not properly sanitized, allowing an SQL injection. The vulnerability enables execution...

5.9CVSS6.7AI score0.00155EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/12 12:0 a.m.10 views

CVE-2026-47835: Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/12 12:0 a.m.9 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

8.8CVSS5.7AI score0.00254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.112 views

Linux Distros Unpatched Vulnerability : CVE-2026-11822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory...

8.5CVSS6.6AI score0.00175EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-8335

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.10 views

CVE-2026-45550

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS5.7AI score0.00196EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 1:28 p.m.8 views

GHSA-9663-MQMP-P9MM python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

6.5CVSS5.7AI score0.00018EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 7:16 a.m.17 views

CVE-2026-41699

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

9.8CVSS0.0043EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.35 views

CVE-2026-41699 Unsafe Deserialization in Spring GraphQL

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS0.0043EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:4 a.m.13 views

EUVD-2026-36212

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS5.7AI score0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:4 a.m.10 views

CVE-2026-41699 Unsafe Deserialization in Spring GraphQL

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS5.7AI score0.0043EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:4 a.m.45 views

CVE-2026-41699

CVE-2026-41699 : Spring for GraphQL is affected by an Unsafe Deserialization flaw when processing paginated GraphQL queries (Connection fields). If the classpath contains specific deserialization-related classes, a crafted GraphQL request can lead to Remote Code Execution. Affected versions: Spri...

9.8CVSS5.7AI score0.0043EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder