Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

233808 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/29 4:18 p.m.5 views

CVE-2026-10105

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

8.7CVSS6AI score0.00034EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/05/29 4:18 p.m.8 views

CVE-2026-10105 agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

8.7CVSS6AI score0.00034EPSS
Exploits0References5
CVE
CVEadded 2026/05/29 4:18 p.m.14 views

CVE-2026-10105

CVE-2026-10105 affects agno 2.6.5, where the ClickHouse vector database backend exposes a SQL injection via the delete_by_metadata() method. The root cause is unsafe f-string interpolation in clickhousedb.py, enabling attackers to inject arbitrary SQL expressions through malicious metadata keys/v...

8.7CVSS6AI score0.00034EPSS
Exploits0References5
NVD
NVDadded 2026/05/29 4:16 p.m.11 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS0.00027EPSS
Exploits0References3
NVD
NVDadded 2026/05/29 4:16 p.m.7 views

CVE-2018-25404

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...

8.8CVSS0.0009EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.10 views

CVE-2018-25403

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS0.0009EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.8 views

CVE-2018-25395

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

8.8CVSS0.0009EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.9 views

CVE-2018-25392

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...

7.1CVSS0.00029EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.8 views

CVE-2018-25389

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'namakelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to...

8.8CVSS0.00086EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.10 views

CVE-2018-25390

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and...

8.8CVSS0.00086EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.12 views

CVE-2018-25394

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the releaseid parameter of boardsbuttons/updaterelease.php. The releaseid value is concatenated directly into SQL statements withou...

8.8CVSS0.0009EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.8 views

CVE-2018-25386

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS0.0009EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 4:16 p.m.7 views

CVE-2018-25385

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...

8.8CVSS0.0009EPSS
Exploits0References4
SUSE Linux
SUSE Linuxadded 2026/05/29 3:30 p.m.12 views

Security update for postgresql14

This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

8.8CVSS6.1AI score0.0008EPSS
Exploits0References36
EUVD
EUVDadded 2026/05/29 2:46 p.m.6 views

EUVD-2018-21926

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/29 2:46 p.m.5 views

CVE-2018-25404

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 2:46 p.m.6 views

CVE-2018-25404 The Open ISES Project 3.30A SQL Injection via add_facnote.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/29 2:46 p.m.29 views

CVE-2018-25404 The Open ISES Project 3.30A SQL Injection via add_facnote.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...

8.8CVSS0.0009EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/29 2:46 p.m.6 views

CVE-2018-25403 The Open ISES Project 3.30A SQL Injection via city_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/29 2:46 p.m.8 views

CVE-2018-25403

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder