Lucene search
K

2826 matches found

Nuclei
Nuclei
added 18 hours ago88 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
Cvelist
Cvelist
added yesterday35 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday31 views

CVE-2026-15498 sergomanov SmartHomeAdatum Login users.php sql injection

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-4661 WP CTA <= 2.2.2 - Unauthenticated Time-Based Blind SQL Injection via 'fildname' Parameter

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...

7.5CVSS0.00326EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43122

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS6.1AI score0.00352EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-2397 SQLi in AdamPOS' MobilMen 20T

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not...

9.8CVSS0.00265EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-15104

Summary: CVE-2026-15104 affects the WordPress plugin “BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot” up to version 4.6.0. The vulnerability is a generic SQL Injection via the ‘lang’ parameter, caused by insufficient escaping of user input and lack of proper preparat...

6.5CVSS6.1AI score0.0026EPSS
Exploits0References5
Patchstack
Patchstack
added 4 days ago4 views

WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.6.0 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin BetterDocs versions = 4.6.0...

6.5CVSS6AI score0.0026EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56410

Name of the Vulnerable Software and Affected Versions Mediküm Web versions prior to 08072026 Description Mediküm Web contains an SQL injection flaw resulting from improper neutralization of special elements used in SQL commands. This occurs due to inadequate input validation or parameterization,...

9.8CVSS6.5AI score0.00266EPSS
Exploits0References5
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1151 Apache Airflow MySQL Provider is Vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dumpsql or loadsql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not...

6.3CVSS6AI score0.00797EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/06 12:59 p.m.4 views

WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Kirki versions = 6.0.12...

9.3CVSS6AI score
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/06 7:21 a.m.5 views

EUVD-2026-41822

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 12:30 a.m.8 views

EUVD-2026-41786

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 4:30 p.m.37 views

CVE-2026-14764 code-projects Hotel and Tourism Reservation Event Management add_event.php sql injection

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...

7.5CVSS0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 2:16 p.m.7 views

CVE-2026-14754

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 8:30 a.m.36 views

CVE-2026-14731 itsourcecode Hospital Management System patientreport.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

6.5CVSS0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55761

Name of the Vulnerable Software and Affected Versions code-projects Internship Management System version 1.0 Description An issue exists in the Employer Login Endpoint within the file employer/login.php. The manipulation of the email and password arguments allows for SQL injection, which is a...

7.5CVSS7.1AI score0.00263EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55812

Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Room Management Page component within the file /admin/rooms.php. A remote attacker can perform a SQL injection—a technique used to manipulate a database...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References9
CVE
CVE
added 2026/07/04 8:45 p.m.18 views

CVE-2026-14653

SourceCodester Simple and Nice Shopping Cart Script 1.0 contains an SQL injection in /admin/mensproductdeletequery.php exposed by manipulating the user_id argument. The vulnerability is remotely exploitable (attack vector: NETWORK) with LOW to MEDIUM impacts per CVSS data: Confidentiality, Integr...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
NVD
NVD
added 2026/07/04 7:16 p.m.9 views

CVE-2026-14641

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5CVSS0.00416EPSS
Exploits0References7
Rows per page
Query Builder