Lucene search
K

2762 matches found

Nuclei
Nuclei
added 3 days ago19 views

SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. id: CVE-2020-5766 info: name: SRS Simple Hits Counter 1.0.3-1.0.4...

7.5CVSS7.2AI score0.06052EPSS
Exploits3References2
Patchstack
Patchstack
added 6 days ago5 views

WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability

Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...

6.5CVSS6AI score0.00241EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-12079

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS0.00224EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-12077

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-2508

CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
CVE
CVE
added 6 days ago12 views

CVE-2026-12077

CVE-2026-12077 : The Dokan Pro plugin for WordPress (up to version 5.0.4) is vulnerable to a time-based SQL Injection via the latitude and longitude parameters. The root cause is insufficient escaping of user-supplied input and lack of proper preparation in the existing SQL query, enabling unauth...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-39165

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-52192

Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This occurs because the software does not sufficiently escape user-supplied input or properly prepare the SQL query...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References6
Metasploit
Metasploit
added last week89 views

BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner

This module detects BerriAI LiteLLM proxy servers affected by CVE-2026-42208, an unauthenticated SQL injection. During API-key verification the proxy interpolates the raw Authorization bearer value into a PostgreSQL query WHERE v.token = '' without parameterization. Because LiteLLM only hashes...

9.8CVSS6.2AI score0.84518EPSS
Exploits7
NVD
NVD
added 2026/06/23 7:16 a.m.9 views

CVE-2026-7842

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

6.8CVSS0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:0 a.m.8 views

EUVD-2026-38416

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

6.8CVSS5.9AI score0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:0 a.m.7 views

CVE-2026-7842

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

6.8CVSS5.9AI score0.00231EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Zabbix

The Zabbix server can execute commands for configured scripts. After the command is executed, an audit entry is added to the “Audit Log”. Since the “clientip” field is not sanitized, it is possible to inject SQL code into the “clientip” field and exploit time-based blind SQL injections...

9.1CVSS7.4AI score0.76618EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:56 p.m.8 views

CVE-2026-54222

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.6AI score0.00305EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37552

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

7.5CVSS5.7AI score0.00322EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 1:19 p.m.7 views

CVE-2026-12360

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

7.5CVSS0.00322EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/15 9:57 p.m.56 views

Exploit for CVE-2026-54597

CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Seve...

5.9AI score
Exploits1
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

6.2AI score0.00361EPSS
Exploits1References2
Rows per page
Query Builder