Lucene search
K

2762 matches found

Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.10 views

PT-2026-41565

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References4
NVD
NVD
added 2026/05/16 4:16 p.m.11 views

CVE-2020-37244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.8 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.38 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.7 views

CVE-2020-37244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/16 3:25 p.m.7 views

EUVD-2020-31244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.10 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

8.8CVSS6.2AI score0.00276EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/05/16 5:31 a.m.11 views

Exposure Of Sensitive Information

io.github.davidalmeidac, sealed-env-core is vulnerable to Exposure of Sensitive Information. The vulnerability is due to embedding the operator’s plaintext TOTP secret in the base64-encoded JWS payload of minted unseal tokens, which allows an attacker to decode observed tokens from logs,...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.11 views

PT-2026-41444

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.9 views

Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and...

9.8CVSS5.5AI score0.01709EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.8 views

Duplicate Advisory: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pq7-mfwh-xx2j. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the...

9.3CVSS5.6AI score0.00339EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/05/15 7:17 p.m.26 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS0.01709EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 7:16 p.m.10 views

CVE-2021-47966

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

8.8CVSS0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 6:36 p.m.12 views

CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 6:36 p.m.24 views

CVE-2026-46364

phpMyFAQ prior to version 4.1.2 is affected by an unauthenticated SQL injection in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha(), where unsanitized User-Agent headers are interpolated into DELETE/INSERT queries. An attacker can target the public GET /api/captcha endpoint by...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.37 views

CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS0.01709EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 6:36 p.m.16 views

EUVD-2026-30601

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.30 views

CVE-2021-47966 PHP Timeclock 1.04 SQL Injection via login.php

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

8.8CVSS0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 6:36 p.m.13 views

EUVD-2021-34819

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

8.8CVSS5.9AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 5:41 p.m.10 views

EUVD-2026-30577

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

5.8AI score0.00316EPSS
Exploits0References2
Rows per page
Query Builder