Lucene search
K

353 matches found

OSV
OSV
added 2026/06/24 10:16 p.m.4 views

UBUNTU-CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS5.8AI score0.00363EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:25 p.m.6 views

EUVD-2019-20191

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:21 p.m.7 views

EUVD-2017-18998

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50988

Name of the Vulnerable Software and Affected Versions Joomla! Component J-BusinessDirectory version 4.9.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/18 5:48 a.m.9 views

EUVD-2026-37851

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

9.8CVSS5.9AI score0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-48875

Unauthenticated SQL Injection in JetSmartFilters = 3.8.1 versions...

9.3CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-40725

Unauthenticated PHP Object Injection in WooCommerce Product Filters 2.0.6 versions...

9.8CVSS0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-22332

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

9.3CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.23 views

CVE-2026-54811

CVE-2026-54811 : Affected software is the WordPress WP eMember plugin versions older than 10.9.4. The issue is an unauthenticated SQL Injection in the plugin, allowing an attacker with network access (no user credentials, no UI interaction) to potentially read or exfiltrate data. The CVSS metrics...

9.3CVSS5.7AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.31 views

CVE-2026-54187 WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.31 views

CVE-2026-52706

CVE-2026-52706 : Unauthenticated PHP Object Injection in WordPress JetEngine plugin (versions ≤ 3.8.10). Affected component: JetEngine; vulnerability type: PHP Object Injection. Impact: high confidentiality, integrity, and availability (CVSS 3.1 base score 9.8; network attack vector; no user inte...

9.8CVSS5.3AI score0.00466EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.31 views

CVE-2026-49084

JetEngine (WordPress plugin) versions earlier than 3.8.9.1 are affected by unauthenticated SQL Injection. The vulnerability is described as a high-severity (CVSS 3.1: 9.3) issue with network access and no required privileges, impacting confidentiality. A fix is available in 3.8.9.1 and later; upg...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.13 views

CVE-2026-40758

The CVE concerns WordPress Léonie theme versions

8.1CVSS5.3AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.13 views

CVE-2026-52715

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

9.3CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.21 views

CVE-2026-52715

GEO my WordPress plugin (WordPress)

9.3CVSS5.7AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS5.7AI score0.00296EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36950

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS5.7AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-49776

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...

9.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-42639

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-39530

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS0.00296EPSS
Exploits0References1
Rows per page
Query Builder