Lucene search
K

2816 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40839

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40837

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 12:16 p.m.12 views

CVE-2026-4104

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8CVSS0.00302EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:14 a.m.7 views

CVE-2026-4104

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8CVSS5.9AI score0.00302EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 9:49 a.m.8 views

CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS5.8AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 1:26 a.m.44 views

CVE-2026-8653 MasterStudy LMS Pro Plus <= 4.8.20 - Authenticated (Instructor+) SQL Injection via 'columns' Parameter

The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00217EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

OSNexus QuantaStor SDS Manager 安全漏洞

OSNexus QuantaStor SDS Manager is a software-defined storage management platform developed by the American company OSNexus. There is a security vulnerability in OSNexus QuantaStor SDS Manager. This vulnerability stems from improper cleaning of the user name field in the login endpoint, allowing...

9.8CVSS5.8AI score0.00436EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46193

Name of the Vulnerable Software and Affected Versions TeknoPass versions 20210501 through 20260429 Description An authorization bypass exists due to a user-controlled SQL primary key issue, which allows for SQL Injection. SQL Injection is a technique where an attacker inserts malicious SQL code...

9.8CVSS5.8AI score0.00302EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 5:45 p.m.29 views

CVE-2026-10607

The vulnerability CVE-2026-10607 affects DedeCMS 5.7.88. The issue resides in the function dede_htmlspecialchars in /plus/flink.php, where manipulation of the msg argument leads to an SQL injection. Attacks can be remote, and exploitation is publicly available. Impact is described as potentially ...

7.5CVSS7AI score0.00313EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 4:30 p.m.13 views

EUVD-2026-33981

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 4:30 p.m.39 views

CVE-2026-10606 DedeCMS Feedback feedback.php TrimMsg sql injection

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS0.00254EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 12:31 a.m.13 views

EUVD-2026-33819

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched...

7.5CVSS5.7AI score0.00318EPSS
Exploits0References7
NVD
NVD
added 2026/06/01 11:16 p.m.11 views

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

6.5CVSS0.0025EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:0 p.m.8 views

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

6.5CVSS5.6AI score0.0025EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00094EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/01 7:30 p.m.12 views

EUVD-2026-33756

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS5.6AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 5:5 p.m.16 views

EUVD-2026-33715

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

8.2CVSS6AI score0.00318EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/01 10:36 a.m.8 views

WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.9...

9.3CVSS5.9AI score0.00229EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.27 views

PT-2026-45271

A vulnerability has been found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add user check.php of the component User Creation Handler. The manipulation of the argument role leads to sql...

7.5CVSS6.7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45396

A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References7
Rows per page
Query Builder