Lucene search
K

2886 matches found

EUVD
EUVD
added 7 hours ago7 views

EUVD-2026-42163

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS6AI score
Exploits0References2
Nuclei
Nuclei
added yesterday53 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.7AI score0.017EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday38 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS6AI score0.01317EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7.2AI score0.02177EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00222EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-14809

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-14809

CVE-2026-14809 affects PROG MIS’s Prog Management System. The connected CVE records confirm an SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands and read database contents. The description does not specify the exact vulnerable component, versi...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41774

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 3 days ago10 views

CVE-2026-14751

The vulnerability CVE-2026-14751 targets mjperpinosa stumasy via SQL injection in Notes_controller::search_scratch_data (file application/PHP/objects/notes/search_scratch_data.php). The exploit arises from manipulating the argument field_name, enabling remote execution of SQL. Public exploit is s...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41756

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 3 days ago13 views

CVE-2026-14745

Affected product: code-projects Real State Services 1.0. The vulnerability resides in the function handling the parameter in the file /single-list_rent.php, where manipulation of the ID argument leads to SQL injection. This can be exploited remotely; the exploit has been made publicly available. ...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-41739

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-41711

A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-55797

Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote SQL injection is possible due to improper manipulation of the field name argument within the Notes controller::search scratch data function locate...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References9
NVD
NVD
added 4 days ago5 views

CVE-2026-14652

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS0.00412EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41692

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function testinput of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to...

7.5CVSS6.8AI score0.00347EPSS
Exploits0References6
CVE
CVE
added 4 days ago10 views

CVE-2026-14638

Summary of the CVE-2026-14638 : A flaw exists in itsourcecode Hospital Management System 1.0, affecting an unknown function in the file /patient.php. Manipulation of the argument editid enables a possible SQL injection . The attack surface is described as remote, and the exploit has been publishe...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-14619

A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and ma...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS6.2AI score0.00564EPSS
Exploits0References5
Rows per page
Query Builder