8282 matches found

Positive Technologies
added 2025/02/24 12:0 a.m. · 7 views

PT-2025-7708 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.7; Mattermost versions 10.2.x through 10.2.2; Mattermost versions 10.3.x through 10.3.2; Mattermost versions 10.4.x through 10.4.1

Description: The issue allows an attacker to retrieve data from the databa...

9.6 CVSS · 8.1 AI score · 0.00418 EPSS
Exploits 0 · References 16

CNNVD
added 2025/02/24 12:0 a.m. · 2 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a SQL injection vulnerability that stems from the use of uncompiled statements, which can be exploited by an attacker to retrieve database data via a specially designed sorting...

9.6 CVSS · 7.9 AI score · 0.00418 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/24 12:0 a.m. · 3 views

NovaCHRON Zeitsysteme Smart Time Plus security vulnerability

NovaCHRON Zeitsysteme Smart Time Plus is a time only management program from NovaCHRON Zeitsysteme. A security vulnerability exists in NovaCHRON Zeitsysteme Smart Time Plus versions prior to v8.x through v8.6, which stems from a SQL injection vulnerability in the getCookieNames method...

9.8 CVSS · 7.5 AI score · 0.00387 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/24 12:0 a.m. · 3 views

NovaCHRON Zeitsysteme Smart Time Plus security vulnerability

NovaCHRON Zeitsysteme Smart Time Plus is a time management only program from NovaCHRON Zeitsysteme. A security vulnerability exists in NovaCHRON Zeitsysteme Smart Time Plus versions prior to v8.x through v8.6, which stems from a SQL injection vulnerability in the addProject method...

5.4 CVSS · 7.5 AI score · 0.00222 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/24 12:0 a.m. · 3 views

Agito Computer Health4All SQL injection vulnerability

Agito Computer Health4All is a health management program from Agito Computer. A SQL injection vulnerability exists in Agito Computer Health4All versions prior to 10.01.2025 that stems from improper neutralization of special elements in SQL commands...

8.8 CVSS · 7.8 AI score · 0.00385 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/02/24 12:0 a.m. · 5 views

PT-2025-7717 · Agito Computer · Health4All

Name of the Vulnerable Software and Affected Versions: Agito Computer Health4All versions prior to 10.01.2025

Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

8.8 CVSS · 8.3 AI score · 0.00385 EPSS
Exploits 0 · References 7

Patchstack
added 2025/02/23 4:32 p.m. · 3 views

WordPress Easy Quotes plugin <= 1.2.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by NAWardRox (Patchstack Alliance) in WordPress Plugin Easy Quotes versions <= 1.2.2...

9.3 CVSS · 8.1 AI score · 0.00468 EPSS
Exploits 0 · Affected Software 1

CNNVD
added 2025/02/23 12:0 a.m. · 3 views

Code-Projects Real Estate Property Management System injection vulnerability

Code-Projects Real Estate Property Management System is an open source real estate property management system from Code-Projects. An injection vulnerability exists in Code-Projects Real Estate Property Management System version 1.0. An attacker can exploit this vulnerability to perform SQL...

9.8 CVSS · 7 AI score · 0.00505 EPSS
Exploits 1 · References 6

NCSC
added 2025/02/21 12:54 p.m. · 3 views

Vulnerability fixed in Exim

Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to execute an SQL injection. This allows the malicious party to gain access to sensitive data and potentially execute arbitrary code with privileges from the Exim installation. The exim...

7.5 CVSS · 9.5 AI score · 0.75782 EPSS
Exploits 6 · References 3

CNNVD
added 2025/02/21 12:0 a.m. · 3 views

PbootCMS security vulnerability

PbootCMS is a PbootCMS open source content management system CMS for building websites for open source businesses using the PHP language. A security vulnerability exists in PbootCMS version 1.4.1, which stems from improper template parsing and leads to SQL injection...

5.1 CVSS · 7.4 AI score · 0.00245 EPSS
Exploits 1 · References 3

CNNVD
added 2025/02/20 12:0 a.m. · 2 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations by Nilson Lazarin Personal Developer. A SQL injection vulnerability exists in WeGIA versions prior to 3.2.14, which stems from unfiltered input in the personalizacaoupload.php endpoint, and can lead to SQL injection and data disclosure...

9.8 CVSS · 7.6 AI score · 0.00531 EPSS
Exploits 1 · References 2

CNNVD
added 2025/02/19 12:0 a.m. · 4 views

ChurchCRM security vulnerability

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM 5.13.0 and earlier versions, which stems from the EID parameter being concatenated directly into a SQL query without proper sanitization, making it susceptible to SQL injection...

9.3 CVSS · 9.3 AI score · 0.00583 EPSS
Exploits 1 · References 1

CNNVD
added 2025/02/19 12:0 a.m. · 4 views

ChurchCRM security vulnerability

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM 5.13.0 and earlier versions, which stems from the CurrentFundraiser parameter being concatenated directly into a SQL query without sufficient sanitization, which can be exploited...

9.3 CVSS · 9.4 AI score · 0.00683 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/02/19 12:0 a.m. · 4 views

PT-2025-7382 · WordPress · Pollin

Name of the Vulnerable Software and Affected Versions: Pollin plugin for WordPress versions up to, and including, 1.01.1

Description: The issue allows unauthenticated attackers to perform SQL Injection via the question parameter due to insufficient escaping on the user-supplied parameter and lack...

4.9 CVSS · 9.9 AI score · 0.00483 EPSS
Exploits 0 · References 6

Patchstack
added 2025/02/18 11:55 p.m. · 6 views

WordPress LTL Freight Quotes – SAIA Edition plugin <= 2.2.10 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin LTL Freight Quotes – SAIA Edition versions <= 2.2.10...

7.5 CVSS · 8.1 AI score · 0.00736 EPSS
Exploits 3 · References 1 · Affected Software 1

Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-27650 · Ооо 'Айди Технологии Управления' · Documino

The vulnerability in the Documino platform for automating electronic document management processes is related to a failure to take measures to protect the structure of an SQL query. Exploitation of the vulnerability may allow an attacker to elevate their privileges by sending a specially crafted SQL query...

9 CVSS · 7.3 AI score
Exploits 0 · References 1

CNNVD
added 2025/02/18 12:0 a.m. · 3 views

LuxSoft LuxCal Web Calendar SQL injection vulnerability

LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A SQL injection vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.3.3M and prior to 5.3.3L, which originates from a SQL injection in retrieve.php and could lead...

9.8 CVSS · 7.7 AI score · 0.00439 EPSS
Exploits 0 · References 4

CNNVD
added 2025/02/18 12:0 a.m. · 2 views

WordPress plugin Simple Signup Form SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

6.5 CVSS · 9.3 AI score · 0.00359 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/18 12:0 a.m. · 2 views

WeGIA access control error vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA has an access control error vulnerability that originates from the documentoexcluir.php page of the WeGIA application instance containing a SQL injection vulnerability...

10 CVSS · 7.9 AI score · 0.00542 EPSS
Exploits 1 · References 2

CNNVD
added 2025/02/18 12:0 a.m. · 4 views

WordPress plugin Distance Rate Shipping for WooCommerce SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

8.5 CVSS · 9.2 AI score · 0.00338 EPSS
Exploits 0 · References 2