Lucene search
+L

8445 matches found

Nuclei
Nuclei
added yesterday95 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS5.9AI score0.01875EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2 days ago29 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS6.8AI score0.08946EPSS
Exploits28
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-63030 WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

6AI score0.08946EPSS
Exploits28References2
NVD
NVD
added 2 days ago8 views

CVE-2026-8297

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago7 views

CVE-2026-9586 Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS6.7AI score0.00411EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-8297

CVE-2026-8297 describes an SQL injection in GisLab Laboratory Management System by Gis Informatics Engineering Consulting (Gis Informatics). Affected versions: 1.4.03 through 08072026. The issue is a generic SQL injection vulnerability with network attack vector, no user interaction, and no privi...

9.8CVSS5.7AI score0.0026EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-16009

The provided Connected documents identify CVE-2026-16009 in itsourcecode Hospital Management System 1.0. Affected is an unknown function in /prescriptionorderdetail.php where manipulating the delid argument invokes SQL injection. The vulnerability can be exploited remotely, and public exploits ar...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
NVD
NVD
added 3 days ago8 views

CVE-2026-63397

remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported...

7.1CVSS0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-12941

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References6
CVE
CVE
added 4 days ago20 views

CVE-2026-15907

The vulnerability CVE-2026-15907 affects H3C SecPath F1000-C8300 devices (firmware up to 20260522). It targets an unknown function at /webui/?g=log_fw_nbc_mail_jsondata, where manipulation of the subject parameter can cause SQL injection. The attack is remote, with a published exploit; the vendor...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS0.0017EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44600

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-57832

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44598

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-48324 ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS0.00659EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-47992

CVE-2026-47992 affects Adobe Commerce and is described as an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. The flaw could allow arbitrary code execution in the context of the current user, with a high-privilege attacker potentially executing ma...

7.2CVSS6.5AI score0.19924EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability

...

8.8CVSS0.00921EPSS
Exploits0References1
CVE
CVE
added 5 days ago34 views

CVE-2026-54118

CVE-2026-54118 affects Microsoft SQL Server. The vulnerability arises from deserialization of untrusted data, enabling a network-based remote code execution by an authorized attacker. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, requiring low privileges...

8.8CVSS6.2AI score0.01287EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-15703

CVE-2026-15703 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability exists in /admin/userproductdeletequery.php where manipulating the user_id parameter enables SQL injection. It can be exploited remotely and the exploit is publicly available. CVSS metrics indicate h...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References6
CVE
CVE
added 5 days ago11 views

CVE-2026-15675

The vulnerability CVE-2026-15675 affects code-projects Online Job Portal 1.0. An unknown function in /Admin/EditUser.php processes the UserId argument, and manipulating it leads to SQL injection. It can be triggered remotely, and a published exploit exists. Impact targets confidentiality, integri...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Rows per page
Query Builder