Lucene search
K

13194 matches found

Nuclei
Nuclei
added yesterday83 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7AI score0.36114EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday117 views

Piwigo 13.7.0 - SQL Injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

9.8CVSS7.2AI score0.97405EPSS
Exploits21References5
Nuclei
Nuclei
added yesterday110 views

TurboMeeting - Boolean-based SQL Injection

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. id: CVE-2024-38289 info: name:...

9.8CVSS6.3AI score0.40874EPSS
Exploits1References1
Nuclei
Nuclei
added 2 days ago57 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8CVSS7AI score0.36164EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago75 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.3AI score0.83284EPSS
Exploits24References5
NVD
NVD
added 3 days ago8 views

CVE-2026-15293

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8CVSS0.00348EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56247

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The '/de2api/datasetData/previewSql' endpoint lacks the mandatory @DePermit permission validation annotation. This allows any authenticated user to set the datasourceId variable to -1, granting...

8.7CVSS6.3AI score0.00235EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.18 views

PT-2026-56006

Name of the Vulnerable Software and Affected Versions Amazon mcp-gateway-registry versions prior to 1.0.13 Description The metrics-service retention policy management component fails to properly neutralize special elements. This allows an authenticated remote user to execute arbitrary SQL queries...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 11:19 a.m.17 views

CVE-2026-53690

Redeight CMS 1.0 is cited as vulnerable to an SQL Injection via the userEmail parameter on POST /admin/index.php. The root cause is lack of input sanitization and direct interpolation of user input into SQL queries without prepared statements, enabling unauthenticated remote attackers to run arbi...

9.3CVSS6.2AI score0.00399EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:15 p.m.6 views

CVE-2026-54068

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.5 views

pgAdmin < 9.16 Multiple SQL Injections

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by multiple SQL injection vulnerabilities: - Multiple SQL template sites across domain, domain-constraint, foreign-table, language, event-trigger, and view dialogs render user-supplied...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References5
CVE
CVE
added 2026/06/19 4:28 p.m.18 views

CVE-2017-20273

CVE-2017-20273 affects Joomla Event Registration Pro Calendar 4.1.3. The connected docs confirm an SQL injection vulnerability in index.php where the id parameter (via option=com_registrationpro&view=category&id) can be exploited unauthenticated to execute arbitrary SQL and extract sensitive data...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/19 3:49 a.m.9 views

CVE-2026-12044

A flaw was found in pgAdmin 4. An authenticated user with specific permissions could exploit a SQL injection vulnerability by submitting a crafted description field in various dialog templates. This could allow the user to execute arbitrary SQL commands, potentially leading to arbitrary operating...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50956

Name of the Vulnerable Software and Affected Versions Joomla! Component PHP-Bridge version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with the parameters option=com phpbridge and...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.32 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49209

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.31 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.23 views

PT-2026-49288

Name of the Vulnerable Software and Affected Versions OpenSIPS Control Panel versions prior to 9.3.3 Description A Time-Based Blind SQL Injection in the alias management module allows authenticated attackers to execute arbitrary SQL commands. This occurs via the 'table' GET parameter in the 'alia...

8.8CVSS6.2AI score0.00361EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.31 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.10 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS6.5AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder