Lucene search
K

216716 matches found

CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

Openbiz PHP Framework SQL注入漏洞

Openbiz PHP Framework is an enterprise-level application development framework developed by jixian2003. Version 3.0.8 of Openbiz PHP Framework contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the username parameter, which may lead to SQL...

8.8CVSS5.9AI score0.00327EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Ory Hydra SQL注入漏洞

Ory Hydra is an OpenID connection tool developed by Ory. Versions of Ory Hydra prior to 26.2.0 had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...

7.2CVSS6.4AI score0.00349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28238

School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...

9.8CVSS6AI score0.00498EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.11 views

PT-2026-28190

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my account/delete.php. Performing a manipulation of the argument cos id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.9 views

PT-2026-28537

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is susceptible to a SQL injection issue in the objects/like.php file. The getLike method uses a prepared statement placeholder for users id but directly concatenates $this-videos id...

7.1CVSS6.1AI score0.00509EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28400

Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...

7.7CVSS5.9AI score0.00373EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:0 a.m.1 views

CVE-2026-30463

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

5.9AI score0.00373EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from the /controllers/Login.php component being vulnerable to SQL injection attacks...

7.7CVSS5.8AI score0.00373EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/26 12:0 a.m.1 views

CVE-2026-30463

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

6AI score0.00373EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28208

A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The...

7.5CVSS6.8AI score0.00325EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

Wecodex Online Store System CMS SQL注入漏洞

Wecodex Online Store System CMS is a content management system for online stores developed by Wecodex. Version 1.0 of the Wecodex Online Store System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of email parameter inputs, which may lead to SQL...

8.8CVSS5.8AI score0.00334EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28240

Name of the Vulnerable Software and Affected Versions Online Store System CMS version 1.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries. This is achieved by sending POST requests to the 'index.php' endpoint with the action parameter set to...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-006300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006300 advisory. An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a...

8.1CVSS6AI score0.15602EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28236

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...

9.8CVSS6AI score0.00468EPSS
Exploits1References4
CVE
CVE
added 2026/03/26 12:0 a.m.9 views

CVE-2026-30463

CVE-2026-30463 affects Daylight Studio FuelCMS v1.5.2. The vulnerability is a SQL injection in the /controllers/Login.php component. Root cause is an injectable parameter handling in that login controller. Remediation per PT-Security PT-2026-28400 is to update FuelCMS to a newer version; as a tem...

7.7CVSS5.9AI score0.00373EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Ory Kratos SQL注入漏洞

Ory Kratos is an open-source system developed by Ory, designed with developers in mind, featuring strong security measures and proven reliability. Prior to version 26.2.0, Ory Kratos had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which...

7.2CVSS6.4AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the sid...

8.8CVSS6.7AI score0.00348EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28245

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter byCommentCreatedFrom and filter...

8.8CVSS6.2AI score0.00337EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2026/03/26 12:0 a.m.113 views

📄 OpenEMR 8.0.0.2 SQL Injection

OpenEMR versions prior to 8.0.0.3 contain a remote SQL injection vulnerability in the new search popup that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the new search popup functionality. CVE-2026-29187 - SQL Injection Vulnerabilit...

8.8CVSS5.9AI score0.00473EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28342

Name of the Vulnerable Software and Affected Versions JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress versions prior to 3.0.5 Description The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is susceptible to SQL Injection through the multiformid...

7.5CVSS6AI score0.00304EPSS
Exploits0References7
Rows per page
Query Builder