Lucene search
K

1925 matches found

Nuclei
Nuclei
added 18 hours ago43 views

WordPress JoomSport <5.2.8 - SQL Injection

WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...

9.8CVSS7.3AI score0.04756EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago26 views

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

7.5CVSS7AI score0.02801EPSS
Exploits2References5
NVD
NVD
added yesterday4 views

CVE-2026-14687

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...

6.9CVSS0.00332EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-14687

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added yesterday7 views

EUVD-2026-41709

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7
CVE
CVE
added yesterday8 views

CVE-2026-14687

Affected software: 666ghj BettaFish (≤1.2.1). Vulnerable component: InsightEngine search-result Deduplication, specifically function _deduplicate_results in InsightEngine/agent.py. Root cause: manipulation can cause partial string comparison. Impact: remote exploitation possible. Publicly disclos...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7
Cvelist
Cvelist
added yesterday34 views

CVE-2026-14687 666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results partial string comparison

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...

6.9CVSS0.00332EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/26 3:32 p.m.8 views

EUVD-2026-39775

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS5.8AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-3472

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:42 p.m.30 views

CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:42 p.m.13 views

CVE-2026-3472

CVE-2026-3472 affects Mattermost where specific versions (10.11.x &lt;= 10.11.18, 11.6.x &lt;= 11.6.3, 11.5.x

3.5CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 6:34 p.m.16 views

EUVD-2026-31483

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 1:47 p.m.30 views

CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:47 p.m.7 views

CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:47 p.m.33 views

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:47 p.m.4 views

EUVD-2026-39408

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:47 p.m.5 views

EUVD-2026-39409

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS5.9AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:4 p.m.5 views

CVE-2017-20266

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.4 views

Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37200

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

5.2AI score0.00162EPSS
Exploits0References2
Rows per page
Query Builder