2765 matches found

Positive Technologies • added 2026/05/02 12:0 a.m. • 8 views

PT-2026-36592

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo mashup null fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 6.5 | AI score 5.9 | EPSS 0.00367
Exploits: 0 | References: 9

Positive Technologies • added 2026/05/02 12:0 a.m. • 14 views

PT-2026-36608

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object ids' and 'exclude object ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the...

CVSS 7.5 | AI score 6 | EPSS 0.00328
Exploits: 0 | References: 6

CNNVD • added 2026/05/02 12:0 a.m. • 11 views

WordPress plugin Geo Mashup SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.5 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 1

GithubExploit • added 2026/05/01 2:51 p.m. • 79 views

SQLInjection

Educational project: SQL injection vulnerabilities. This repo...

AI score 5.9
Exploits: 0

Positive Technologies • added 2026/04/29 12:0 a.m. • 12 views

PT-2026-37144

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: A logic error in the two-factor authentication (2FA) reset process inverts the authorization check. This allows non-admin users to remove the Time-based One-Time Password (TOTP) configuration of other...

CVSS 7.1 | AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 5

Packet Storm • added 2026/04/20 12:0 a.m. • 75 views

📄 openDCIM 25.01 SQL Injection

openDCIM version 25.01 remote SQL injection exploit that can be leveraged to execute arbitrary code. | Title : openDCIM 25.01 Python Exploit – Authenticated &...

AI score 6.1
Exploits: 0

GithubExploit • added 2026/04/18 2:17 p.m. • 110 views

sqli-research

🔬 sqli-research Time-Based Blind SQL Injection — Research, Po...

AI score 5.9
Exploits: 0

RedhatCVE • added 2026/04/18 7:22 a.m. • 5 views

CVE-2026-33084

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00328
Exploits: 1 | References: 1

Github Security Blog • added 2026/04/18 1:0 a.m. • 13 views

YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()

Vulnerability Details: YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...

CVSS 8.8 | AI score 5.9 | EPSS 0.00342
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack • added 2026/04/17 9:19 a.m. • 5 views

WordPress MasterStudy LMS plugin <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability

Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin MasterStudy LMS versions <= 3.7.25...

CVSS 6.5 | AI score 5.8 | EPSS 0.00462
Exploits: 0 | References: 1 | Affected Software: 1

NVD • added 2026/04/17 2:16 a.m. • 16 views

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

CVSS 6.5 | EPSS 0.00462
Exploits: 0 | References: 12

ATTACKERKB • added 2026/04/17 1:24 a.m. • 3 views

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

CVSS 6.5 | AI score 6 | EPSS 0.00462
Exploits: 0 | References: 13

EUVD • added 2026/04/17 1:24 a.m. • 6 views

EUVD-2026-23338

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

CVSS 6.5 | AI score 6 | EPSS 0.00462
Exploits: 0 | References: 12

Cvelist • added 2026/04/17 1:24 a.m. • 30 views

CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

CVSS 6.5 | EPSS 0.00462
Exploits: 0 | References: 12

Vulnrichment • added 2026/04/17 1:24 a.m. • 4 views

CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

CVSS 6.5 | AI score 5.9 | EPSS 0.00462
Exploits: 0 | References: 12

CVE • added 2026/04/17 1:24 a.m. • 17 views

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education is affected by CVE-2026-4817 (versions up to 3.7.25). A time-based blind SQL injection exists in the /lms/stm-lms/order/items REST API endpoint via the order/orderby parameters due to insufficient input sanitization and a desig...

CVSS 6.5 | AI score 6 | EPSS 0.00462
Exploits: 0 | References: 12

Positive Technologies • added 2026/04/17 12:0 a.m. • 7 views

PT-2026-33393

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

CVSS 6.5 | AI score 6 | EPSS 0.00462
Exploits: 0 | References: 13

CNNVD • added 2026/04/17 12:0 a.m. • 10 views

WordPress plugin MasterStudy LMS WordPress Plugin for Online Courses and Education security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.5 | AI score 5.9 | EPSS 0.00462
Exploits: 0 | References: 1

NVD • added 2026/04/16 6:16 p.m. • 7 views

CVE-2026-33082

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

CVSS 9.8 | EPSS 0.00325
Exploits: 1 | References: 2

NVD • added 2026/04/16 6:16 p.m. • 7 views

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

CVSS 8.8 | EPSS 0.00328
Exploits: 1 | References: 2