139 matches found

ATTACKERKB
added 2026/04/05 8:45 p.m. (1 view)

CVE-2019-25702

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...

CVSS 8.8 | AI score 6 | EPSS 0.00311
Exploits: 1 | References: 4
Positive Technologies
added 2026/04/05 12:0 a.m. (3 views)

PT-2026-30503

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id project parameter. Attackers can send crafted requests with malicious SQL statements in the id project parameter to extract sensitive database...

CVSS 8.8 | AI score 6 | EPSS 0.00311
Exploits: 1 | References: 5
CNNVD
added 2026/04/05 12:0 a.m. (8 views)

OpenDocMan SQL injection vulnerability

OpenDocMan is a free, web-based open-source document management system DMS from the OpenDocMan community. It aims to help companies meet ISO 17025 document management requirements. Version 1.3.4 of OpenDocMan contains a SQL injection vulnerability. This vulnerability allows unverified attackers t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/29 5:15 a.m. (2 views)

CVE-2026-5033

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewcostumer.php of the component Parameter Handler. The manipulation of the argument cosid results in sql injection. The attack may be performed from remot...

CVSS 7.5 | AI score 6.9 | EPSS 0.00342
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2026/03/26 7:4 p.m. (23 views)

CVE-2026-33148 URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

CVSS 6.5 | EPSS 0.00467
Exploits: 1 | References: 1
CNNVD
added 2026/03/24 12:0 a.m. (9 views)

Zeeways Jobsite CMS SQL injection vulnerability

Zeeways Jobsite CMS is a recruitment platform building tool developed by Zeeways Corporation. Zeeways Jobsite CMS has a SQL injection vulnerability. This vulnerability arises from SQL injection attacks, allowing unauthenticated attackers to inject SQL code through ID GET parameters and manipulate...

CVSS 8.8 | AI score 5.9 | EPSS 0.00327
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/12 3:36 p.m. (2 views)

CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00409
Exploits: 1 | References: 2
CVE
added 2026/03/12 3:36 p.m. (8 views)

CVE-2019-25516

The CVE-2019-25516 entry describes an SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V1, exploitable via GET requests to gallery.php with a malicious gallery_id (UNION-based) allowing unauthenticated data extraction. Metrics indicate CVSS v3.1 base score 8.2 (HIGH) and CVSS v4.0 base sco...

CVSS 8.8 | AI score 5.9 | EPSS 0.00439
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/03/12 12:0 a.m. (6 views)

Xooscripts XooGallery SQL injection vulnerability

Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability; this vulnerability stems from the p parameter being susceptible to SQL injections, which may allow unverified attackers to manipulate database...

CVSS 9.1 | AI score 5.8 | EPSS 0.00393
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/12 12:0 a.m. (6 views)

PT-2026-24996

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

CVSS 8.8 | AI score 6.1 | EPSS 0.00315
Exploits: 1 | References: 3
CNNVD
added 2026/03/12 12:0 a.m. (6 views)

Netartmedia Jobs Portal SQL injection vulnerability

Netartmedia Jobs Portal is an online recruitment website system operated by the Bulgarian company Netartmedia. Version 6.1 of Netartmedia Jobs Portal has a SQL injection vulnerability. This vulnerability stems from SQL injection in email parameters, which could allow unverified attackers to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00318
Exploits: 0 | References: 2
Cvelist
added 2026/03/10 12:18 a.m. (28 views)

CVE-2026-27684 SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification)

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

CVSS 6.4 | EPSS 0.00267
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/06 12:0 a.m. (5 views)

PT-2026-23738

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 7.10.8; Rocket.Chat versions prior to 7.11.5; Rocket.Chat versions prior to 7.12.5; Rocket.Chat versions prior to 7.13.4; Rocket.Chat versions prior to 8.0.2; Rocket.Chat versions prior to 8.1.1; Rocket.Chat versions...

CVSS 6.9 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 6
ATTACKERKB
added 2026/03/04 5:15 p.m. (2 views)

CVE-2019-25500

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00294
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/03/04 1:56 a.m. (9 views)

CVE-2025-50188

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

CVSS 7.2 | AI score 6 | EPSS 0.00708
Exploits: 1 | References: 1
CVE
added 2026/02/22 1:43 p.m. (10 views)

CVE-2019-25391

CVE-2019-25391 affects Ashop Shopping Cart Software and involves a time-based blind SQL injection via the blacklistitemid parameter in the admin/bannedcustomers.php endpoint. Attackers can send crafted POST requests containing SQL payloads that use SLEEP to infer data from the database. The vulne...

CVSS 8.8 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 2
OSV
added 2026/02/11 10:15 p.m. (9 views)

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

CVSS 7.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/07 9:56 p.m. (5 views)

CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

CVSS 8.7 | AI score 5.4 | EPSS 0.00654
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/03 6:30 p.m. (4 views)

CVE-2026-25239

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

CVSS 8.2 | AI score 5.6 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/02/03 12:0 a.m. (6 views)

PhpIX SQL injection vulnerability

PhpIX is a website building system developed by PhpIX Company in Thailand. PhpIX has a SQL injection vulnerability; this vulnerability stems from the id parameter in the productdetail.php file, which allows for SQL injections, potentially enabling remote attackers to manipulate database queries...

CVSS 7.1 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 4