Lucene search
K

5831 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.3CVSS0.004EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43281

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig...

6.5CVSS6.5AI score0.002EPSS
Exploits0References7
CVE
CVE
added yesterday13 views

CVE-2026-57771

CVE-2026-57771 concerns the WordPress plugin for Milan Petrovic’s GD Rating System. Connected sources confirm the vulnerability as a SQL Injection flaw in the GD Rating System plugin, affecting versions up to 3.7 (<=3.7). The root cause is improper neutralization of inputs used in SQL commands...

8.5CVSS6.1AI score0.00357EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57739

CVE-2026-57739 affects the WordPress WordPress Plugin AcyMailing SMTP Newsletter (versions up to and including 10.11.0). The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, allowing blind SQL injection. According to the provided metrics, ...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57714

CVE-2026-57714 is a SQL injection vulnerability in the WordPress LatePoint plugin (versions up to and including 5.6.3). The issue arises from improper neutralization of SQL elements, enabling Blind SQL Injection. The affected component is the LatePoint plugin for WordPress; no vendor/version deta...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday89 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43229

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15494 AMTT Hotel Broadband Operation System switch_status.php sql injection

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switchstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and...

5.8CVSS0.00202EPSS
Exploits0References5
CVE
CVE
added 3 days ago13 views

CVE-2026-60090

CVE-2026-60090 affects PraisonAI prior to 4.6.78, exposing a SQL/CQL injection risk via the vector dimension in the PGVector and Cassandra knowledge-store backends. The root cause is that the caller-controlled dimension value is interpolated into the generated CREATE TABLE DDL without runtime enf...

9.8CVSS6.1AI score0.0041EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-4661

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...

7.5CVSS0.00326EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43066

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from 0.0.0 to 3.15.0...

6.1AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42972

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS6.1AI score0.00404EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-53448

Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...

7.2CVSS6.2AI score0.00677EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42965

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not...

9.8CVSS6.1AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-56689

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-59834

SiYuan URI: The vulnerability affects the block search endpoint POST /api/search/fullTextSearchBlock prior to version 3.7.1. An attacker-controlled paths value is concatenated into SQL predicates used by non-SQL search modes, enabling an unauthenticated publish visitor to inject a UNION SELECT an...

7.5CVSS6AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42223

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

9.8CVSS6AI score0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56410

Name of the Vulnerable Software and Affected Versions Mediküm Web versions prior to 08072026 Description Mediküm Web contains an SQL injection flaw resulting from improper neutralization of special elements used in SQL commands. This occurs due to inadequate input validation or parameterization,...

9.8CVSS6.5AI score0.00266EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-39179

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

0.00157EPSS
Exploits0References2
CVE
CVE
added last week10 views

CVE-2026-55635

DataEase contains an authenticated SQL injection in chart quota filters prior to version 2.10.24. The vulnerability arises when quota and Y-axis filters embed attacker-controlled values directly into generated SQL within Quota2SQLObj.getYWheres(), without applying the SQL literal validation and e...

8.7CVSS6AI score0.00266EPSS
Exploits0References2
Rows per page
Query Builder