Lucene search
+L

13202 matches found

nuclei
nuclei
added yesterday83 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7AI score0.36114EPSS
Exploits1References5
nuclei
nuclei
added yesterday57 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8CVSS7AI score0.36164EPSS
Exploits1References5
nuclei
nuclei
added yesterday121 views

Piwigo 13.7.0 - SQL Injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

9.8CVSS7.2AI score0.97405EPSS
Exploits21References5
nuclei
nuclei
added yesterday76 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.3AI score0.83284EPSS
Exploits24References5
nuclei
nuclei
added yesterday114 views

TurboMeeting - Boolean-based SQL Injection

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. id: CVE-2024-38289 info: name:...

9.8CVSS6.3AI score0.40874EPSS
Exploits1References1
euvd
euvd
added 3 days ago7 views

EUVD-2026-43644

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS6.3AI score0.00208EPSS
Exploits0References1
nvd
nvd
added last week8 views

CVE-2026-15293

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8CVSS0.00348EPSS
Exploits0References3
osv
osv
added 2026/07/08 1:49 p.m.5 views

CVE-2026-59257 n8n - SQL Injection in MySQL v1 executeQuery Operation via Expression Interpolation

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

5.3CVSS6.3AI score0.00314EPSS
Exploits0References4
osv
osv
added 2026/07/08 12:0 a.m.3 views

CVE-2026-39178

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

6.3CVSS7.2AI score0.00157EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.6 views

PT-2026-56247

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The '/de2api/datasetData/previewSql' endpoint lacks the mandatory @DePermit permission validation annotation. This allows any authenticated user to set the datasourceId variable to -1, granting...

8.7CVSS6.3AI score0.00235EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.20 views

PT-2026-56006

Name of the Vulnerable Software and Affected Versions Amazon mcp-gateway-registry versions prior to 1.0.13 Description The metrics-service retention policy management component fails to properly neutralize special elements. This allows an authenticated remote user to execute arbitrary SQL queries...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References7
cve
cve
added 2026/06/30 11:19 a.m.19 views

CVE-2026-53690

Redeight CMS 1.0 is cited as vulnerable to an SQL Injection via the userEmail parameter on POST /admin/index.php. The root cause is lack of input sanitization and direct interpolation of user input into SQL queries without prepared statements, enabling unauthenticated remote attackers to run arbi...

9.3CVSS6.2AI score0.00399EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/24 9:15 p.m.6 views

CVE-2026-54068

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2026/06/24 12:0 a.m.5 views

pgAdmin < 9.16 Multiple SQL Injections

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by multiple SQL injection vulnerabilities: - Multiple SQL template sites across domain, domain-constraint, foreign-table, language, event-trigger, and view dialogs render user-supplied...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References5
cve
cve
added 2026/06/19 4:28 p.m.22 views

CVE-2017-20273

CVE-2017-20273 affects Joomla Event Registration Pro Calendar 4.1.3. The connected docs confirm an SQL injection vulnerability in index.php where the id parameter (via option=com_registrationpro&view=category&id) can be exploited unauthenticated to execute arbitrary SQL and extract sensitive data...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/19 3:49 a.m.10 views

CVE-2026-12044

A flaw was found in pgAdmin 4. An authenticated user with specific permissions could exploit a SQL injection vulnerability by submitting a crafted description field in various dialog templates. This could allow the user to execute arbitrary SQL commands, potentially leading to arbitrary operating...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50956

Name of the Vulnerable Software and Affected Versions Joomla! Component PHP-Bridge version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with the parameters option=com phpbridge and...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/15 12:0 p.m.32 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.17 views

PT-2026-49209

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/15 12:0 a.m.31 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS
Exploits1References1
Rows per page
Query Builder