Lucene search
K

45 matches found

Cvelist
Cvelist
added 2026/07/02 7:56 p.m.34 views

CVE-2026-58466 AutoBangumi < 3.2.8 - Hard-coded Default Credentials via add_default_user()

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS0.00505EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:22 p.m.5 views

CVE-2026-48943

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

6.5CVSS6AI score0.00182EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 3:22 p.m.5 views

CVE-2026-48943

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

6.5CVSS5.9AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.29 views

CVE-2026-56251 Capgo - Privilege Escalation via Broken Row Level Security in org_users

Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...

7CVSS0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51222

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A broken row level security RLS policy in the org users table allows authenticated users to elevate their privileges from admin to super admin. This insufficient RLS enforcement enables attackers to...

7CVSS5.9AI score0.00246EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.13 views

CVE-2026-7467

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...

8.8CVSS5.8AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.25 views

PT-2026-42073

Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The plugin is subject to privilege escalation because the RadMoreAjax::importData function fails to restrict which database tables can be written to during import and does not properly...

8.8CVSS5.8AI score0.00357EPSS
Exploits0References6
NVD
NVD
added 2026/05/14 7:16 p.m.49 views

CVE-2026-27886

Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...

9.2CVSS0.00612EPSS
Exploits5References1
Snyk
Snyk
added 2026/04/21 11:15 a.m.6 views

Cleartext Storage of Sensitive Information

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An...

8.3CVSS5.7AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 10:4 a.m.4 views

EUVD-2026-24081

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...

7.3CVSS5.8AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-33927

Name of the Vulnerable Software and Affected Versions TYPO3 CMS version 14.2.0 Description Changing backend users passwords through the user settings module causes the cleartext password to be stored in the uc and user settings fields of the be users database table. Recommendations At the moment,...

7.5CVSS5.1AI score0.00167EPSS
Exploits0References12
GithubExploit
GithubExploit
added 2026/02/05 11:48 a.m.149 views

sql-injection

SQL Injection Payloads List SQL Injection Payloads List...

5.7AI score
Exploits0
NVD
NVD
added 2026/01/29 3:16 p.m.10 views

CVE-2020-37004

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

8.2CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.7 views

CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.8 views

PT-2026-5279

Name of the Vulnerable Software and Affected Versions Ultimate Project Manager CRM PRO version 2.0.5 Description A blind SQL injection allows attackers to extract usernames and password hashes from the tbl users database table. This is achieved by crafting malicious search parameters at the...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References5
OSV
OSV
added 2025/12/05 5:15 p.m.7 views

CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...

6.3CVSS6.7AI score0.00214EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.8 views

PT-2025-49132

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7CVSS8.3AI score0.00356EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/11 6:30 a.m.8 views

EUVD-2025-60927

The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the register and savenft methods with only a...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2007-5940

Malware in sbrugna...

5.8CVSS7.8AI score0.02131EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-7242

Malware in sbrugna...

7.5CVSS7.3AI score0.01211EPSS
Exploits0References5
Rows per page
Query Builder