Lucene search
+L

6837 matches found

EUVD
EUVD
added 5 hours ago4 views

EUVD-2025-210491

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS5.3AI score
Exploits0References2
Nuclei
Nuclei
added 10 hours ago41 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS5.6AI score0.01317EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago95 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS5.9AI score0.01875EPSS
Exploits1References2
GithubExploit
GithubExploit
added yesterday24 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS6.8AI score
Exploits20
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-63030 WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

6AI score
Exploits20References2
NVD
NVD
added yesterday7 views

CVE-2026-9586

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS
Exploits0References2
NVD
NVD
added yesterday8 views

CVE-2026-8297

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-16009

The provided Connected documents identify CVE-2026-16009 in itsourcecode Hospital Management System 1.0. Affected is an unknown function in /prescriptionorderdetail.php where manipulating the delid argument invokes SQL injection. The vulnerability can be exploited remotely, and public exploits ar...

6.5CVSS6.5AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-12941

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References6
CVE
CVE
added 3 days ago19 views

CVE-2026-15907

The vulnerability CVE-2026-15907 affects H3C SecPath F1000-C8300 devices (firmware up to 20260522). It targets an unknown function at /webui/?g=log_fw_nbc_mail_jsondata, where manipulation of the subject parameter can cause SQL injection. The attack is remote, with a published exploit; the vendor...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44600

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago8 views

CVE-2026-57832

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago9 views

CVE-2026-57831

CVE-2026-57831 describes an unauthenticated SQL injection in the Joomla extension DP Calendar (digital-peak.com) versions 8.18.0 through 10.11.2. The entry lists a high CVSS score (8.7) with network attack vector and no user interaction, indicating a potentially severe impact to confidentiality. ...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44598

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-48324 ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS0.00659EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability

...

8.8CVSS0.00921EPSS
Exploits0References1
CVE
CVE
added 4 days ago34 views

CVE-2026-54118

CVE-2026-54118 affects Microsoft SQL Server. The vulnerability arises from deserialization of untrusted data, enabling a network-based remote code execution by an authorized attacker. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, requiring low privileges...

8.8CVSS6.2AI score0.01287EPSS
Exploits0References1
CVE
CVE
added 4 days ago7 views

CVE-2026-15703

CVE-2026-15703 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability exists in /admin/userproductdeletequery.php where manipulating the user_id parameter enables SQL injection. It can be exploited remotely and the exploit is publicly available. CVSS metrics indicate h...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References6
Rows per page
Query Builder