354 matches found
Mailcow < 2026-03b - Href Link Injection
mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...
QNAP Photo Station < 6.0.3 - Remote Code Execution
QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...
CVE-2026-61428
PraisonAI AgentMail is affected by CVE-2026-61428 in versions before 4.6.78, where webhook messages lack signature verification. This enables unauthenticated attackers to POST crafted message.received events to the webhook endpoint, injecting arbitrary content into the agent and triggering replie...
CVE-2026-15300
CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...
EUVD-2026-42307
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-14809 PROG MIS|Prog Management System - SQL Injection
Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
CVE-2026-57679
Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability
Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...
CVE-2026-34102
Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...
CVE-2026-34099
The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...
PT-2026-54735
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...
CVE-2026-56062
Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...
CVE-2026-56034
Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...
CVE-2026-54831
Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...
CVE-2026-54820
Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...
EUVD-2026-39721
Unauthenticated SQL Injection in JetEngine = 3.8.10.2 versions...
CVE-2026-54827
CVE-2026-54827 : Unauthenticated SQL Injection affecting WordPress Real Estate 7 theme versions ≤ 3.5.9. The vulnerability arises in the Real Estate 7 component and is exploitable without authentication, with a CVSS v3.1 base score of 9.3 (CRITICAL), indicating potential data exposure and confide...
EUVD-2026-39672
Unauthenticated SQL Injection in wpDataTables = 7.4 versions...
CVE-2026-54849
CVE-2026-54849 concerns WordPress Premmerce Wishlist for WooCommerce plugin versions <= 1.1.11, with unauthenticated SQL injection vulnerability. The connected records confirm the affected software (Premmerce Wishlist for WooCommerce), the vulnerable component (the plugin’s request handling le...