Lucene search
K

61 matches found

EUVD
EUVD
added last week8 views

EUVD-2026-39699

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-56036

The CVE-2026-56036 entry describes an unauthenticated SQL injection affecting the WordPress plugin 결제 심플페이 (SimplePay) for versions <= 5.5.6. CVSSv3.1: 9.3 (CRITICAL), vectors: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. Impact is confidentiality high; integrity none; availability low. Affected softw...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 10:21 a.m.15 views

EUVD-2026-37872

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37621

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-22340

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36944

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36951

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.6 views

CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49384

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.91 views

📄 ProjeQtor 12.4.3 SQL Injection

This Metasploit auxiliary module targets an unauthenticated SQL injection vulnerability in ProjeQtor login functionality and is structured as a scanner-style module with multiple operational modes. Version 12.4.3 is affected...

9.8CVSS5.6AI score0.00558EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40828

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS5.8AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.21 views

CVE-2026-40846

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.31 views

CVE-2026-40843

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:58 a.m.10 views

CVE-2026-40846 Authenticated SQLi in system view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:58 a.m.30 views

CVE-2026-40845 Authenticated SQLi in devices_configuration view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:53 a.m.18 views

CVE-2026-40829

CVE-2026-40829 describes an unauthenticated SQL Injection in the view.html.php UpdateParam function, exploitable by a high-privilege remote attacker. It can read the entire database and alter values in a non-critical table, leading to total confidentiality loss and some integrity loss. The connec...

7CVSS6AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:48 a.m.30 views

CVE-2026-40818 Unauthenticated SQLi in _mb24confi_getDevice function function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:38 a.m.31 views

CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/12 9:51 a.m.9 views

WordPress Custom CSS JS PHP plugin <= 2.0.7 - Unauthenticated SQL Injection to RCE vulnerability

Unauthenticated SQL Injection to RCE vulnerability discovered by John Umoru in WordPress Plugin Custom css-js-php versions = 2.0.7...

7.3CVSS5.9AI score0.00753EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39315

Name of the Vulnerable Software and Affected Versions WP Photo Album Plus versions prior to 9.1.11.001 Description The plugin fails to properly sanitize and escape a parameter before its use in a SQL query. This allows unauthenticated users to execute SQL injection attacks, which involve insertin...

6.1AI score0.00472EPSS
Exploits1References3
Rows per page
Query Builder