Lucene search
K

2904 matches found

NVD
NVD
added yesterday5 views

CVE-2026-61955

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS0.00383EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-59515

CVE-2026-59515 affects the WordPress AIWU plugin (ai-copilot-content-generator) and is due to an improper neutralization of special elements in SQL commands , enabling Blind SQL Injection . Affected versions are WordPress AIWU plugin ≤ 1.5.4. The CVSS‑3.1 base score is 9.3 (CRITICAL) with network...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday13 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7AI score0.02177EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday38 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS6.1AI score0.01317EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday55 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.7AI score0.017EPSS
Exploits1References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43199

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References6
CVE
CVE
added 3 days ago10 views

CVE-2026-15073

KiviCare – Clinic & Patient Management System (WordPress)

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43076

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

6.1AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42973

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the searchbyfulltext method without escaping or parameterization. Attackers can inject malicious SQL throu...

8.8CVSS6.3AI score0.00357EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-15287

The CVE-2026-15287 entry affects the rtMedia plugin for WordPress, BuddyPress and bbPress. It describes a time-based SQL Injection via the order_by parameter in all versions up to and including 4.6.18, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Auth...

6.5CVSS6AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42636

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS6AI score0.00286EPSS
Exploits0References4
CVE
CVE
added 5 days ago17 views

CVE-2026-59224

Open WebUI vulnerability CVE-2026-59224 affects versions prior to 0.10.0. The issue: in backend/open_webui/routers/terminals.py, the ws_terminal upstream URL is built from an unencoded session_id and appends user_id as a query parameter, enabling query injection to make the terminal backend resol...

8CVSS6AI score0.00286EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-15134 CodeAstro Simple Online Leave Management System index.php sql injection

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added 6 days ago9 views

CVE-2026-59257

This CVE affects n8n before 1.123.61 and 2.x before 2.27.4, specifically the legacy MySQL v1 node’s executeQuery operation. The root cause is that evaluated {{ ... }} expression values are substituted directly into the raw SQL string without parameterization, enabling SQL injection when a workflo...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-12936 Recurio <= 1.1.3 - Authenticated (Shop Manager+) SQL Injection via 'data' Parameter

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00266EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42163

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS6AI score0.00267EPSS
Exploits0References2
CVE
CVE
added 6 days ago7 views

CVE-2026-39178

The CVE-2026-39178 issue affects SOGo up to version 5.12.6, where the contact search component exposes a SQL injection via the allContactSearch endpoint’s search parameter. The root cause is insufficient protection of the SQL query structure, enabling authenticated users to execute arbitrary SQL ...

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
CVE
CVE
added 6 days ago6 views

CVE-2026-39179

SOGo

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:4 a.m.6 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00329EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder