Lucene search
K

216673 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/28 10:30 p.m.30 views

CVE-2026-5018 code-projects Simple Food Order System Parameter register-router.php sql injection

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS0.00345EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/28 10:30 p.m.4 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS6.9AI score0.00345EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/28 10:30 p.m.1 views

CVE-2026-5017

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS6.9AI score0.00333EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/28 10:30 p.m.3 views

CVE-2026-5017 code-projects Simple Food Order System Parameter all-tickets.php sql injection

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS5.8AI score0.00333EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/28 10:30 p.m.31 views

CVE-2026-5017 code-projects Simple Food Order System Parameter all-tickets.php sql injection

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS0.00333EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.3 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

9.8CVSS6AI score0.00492EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.2 views

CVE-2026-33755

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.4 views

CVE-2026-4954

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/28 12:30 p.m.2 views

EUVD-2026-16921

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/03/28 12:16 p.m.2 views

CVE-2026-4996

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/03/28 11:30 a.m.8 views

CVE-2026-4996

CVE-2026-4996 affects Sinaptik AI PandasAI up to 0.1.4, specifically the pandasai-lancedb Extension’s lancedb.py functions (delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id). The issue is a SQL injection caused ...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/03/28 11:7 a.m.130 views

Sentinel-Web-Scanner

Sentinel-Web-Scanner...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

9.8CVSS6AI score0.0033EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

8.8CVSS6AI score0.00445EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-30533

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...

9.8CVSS6AI score0.00394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.2 views

SUSE CVE-2026-32750

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS6AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.11 views

SUSE CVE-2026-33505

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder