Lucene search
K

354 matches found

Nuclei
Nuclei
added 11 hours ago19 views

Mailcow < 2026-03b - Href Link Injection

mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...

2.1CVSS6.1AI score0.00805EPSS
Exploits0References3
Nuclei
Nuclei
added 11 hours ago24 views

QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

9.8CVSS7.4AI score0.82966EPSS
Exploits8References1
CVE
CVE
added 2 days ago16 views

CVE-2026-61428

PraisonAI AgentMail is affected by CVE-2026-61428 in versions before 4.6.78, where webhook messages lack signature verification. This enables unauthenticated attackers to POST crafted message.received events to the webhook endpoint, injecting arbitrary content into the agent and triggering replie...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-15300

CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...

9.1CVSS6AI score0.00349EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42307

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.1CVSS6AI score0.00507EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 7:21 a.m.29 views

CVE-2026-14809 PROG MIS|Prog Management System - SQL Injection

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS0.00437EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:5 p.m.9 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS6.2AI score0.00564EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57679

Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...

9.3CVSS5.8AI score0.00247EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/01 7:59 p.m.4 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:11 p.m.10 views

CVE-2026-34102

Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:8 p.m.14 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54735

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56062

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56034

Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54831

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-54820

Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...

9.3CVSS0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39721

Unauthenticated SQL Injection in JetEngine = 3.8.10.2 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2026-54827

CVE-2026-54827 : Unauthenticated SQL Injection affecting WordPress Real Estate 7 theme versions ≤ 3.5.9. The vulnerability arises in the Real Estate 7 component and is exploitable without authentication, with a CVSS v3.1 base score of 9.3 (CRITICAL), indicating potential data exposure and confide...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39672

Unauthenticated SQL Injection in wpDataTables = 7.4 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.23 views

CVE-2026-54849

CVE-2026-54849 concerns WordPress Premmerce Wishlist for WooCommerce plugin versions &lt;= 1.1.11, with unauthenticated SQL injection vulnerability. The connected records confirm the affected software (Premmerce Wishlist for WooCommerce), the vulnerable component (the plugin’s request handling le...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Rows per page
Query Builder