Lucene search
+L

503 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/02 4:19 p.m.8 views

CVE-2026-28399

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...

8.8CVSS6AI score0.00319EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.8 views

CVE-2026-24908

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...

9.9CVSS6.1AI score0.00491EPSS
Exploits1References1
CVE
CVE
added 2026/02/25 5:39 p.m.33 views

CVE-2026-23627

OpenEMR before v8.0.0 exposes an SQL Injection in the Immunization module. The vulnerability arises because user-supplied patient_id values are concatenated into SQL WHERE clauses without parameterization or escaping, allowing an authenticated user to execute arbitrary SQL. This can lead to compl...

8.8CVSS6.6AI score0.00779EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.16 views

PT-2026-21970

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A flaw exists in the Immunization module where user-supplied patient id values are directly incorporated into SQL...

8.8CVSS6.2AI score0.00779EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.8 views

NoviSmart CMS SQL注入漏洞

NoviSmart CMS is a content management system developed by the Austrian company NoviSmart. NoviSmart CMS has a SQL injection vulnerability, which stems from the SQL injection present in the Referer HTTP header field. This vulnerability could allow remote attackers to execute arbitrary SQL queries...

8.8CVSS6.1AI score0.0026EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/21 8:16 a.m.5 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.2AI score0.0048EPSS
Exploits2References5
CVE
CVE
added 2026/02/17 12:0 a.m.20 views

CVE-2025-67102

Jorani versions up to 1.0.4 contain a SQL injection vulnerability in the alldayoffs feature, exploitable by an authenticated attacker via the entity parameter to execute arbitrary SQL commands. Multiple sources (Red Hat, CVE listings, PT-Security advisory) concur that the issue stems from imprope...

7.6CVSS6.2AI score0.00221EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.8 views

PT-2026-8039

Name of the Vulnerable Software and Affected Versions PrestaShop Advanced Popup Creator module versions 1.1.26 through 1.2.6 Description A SQL Injection issue exists in the Advanced Popup Creator module for PrestaShop. The issue is due to unsanitized data being passed to SQL queries within the...

6.1AI score0.00358EPSS
Exploits0References5
OSV
OSV
added 2026/02/12 10:11 p.m.6 views

GHSA-XX7M-69FF-9CRP SurrealDB vulnerable to Denial of Service through scripting function memory edge case

In SurrealDB instances with the scripting capability enabled --allow-scripting, users with the ability to run arbitrary queries can trigger a server crash due to a memory-safety bug in the underlying JS engine. The SurrealDB instance terminates instantly, requiring a manual restart. The query...

6CVSS6.1AI score
Exploits0References6
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Flowring Docpedia SQL注入漏洞

Flowring Docpedia is a document management system developed by Flowring Corporation in China. Flowring Docpedia has a SQL injection vulnerability. This vulnerability arises from unvalidated remote attacks, allowing attackers to inject arbitrary SQL commands, potentially leading to the reading of...

8.7CVSS6AI score0.00462EPSS
Exploits0References2
NVD
NVD
added 2026/02/03 6:16 p.m.5 views

CVE-2020-37105

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

7.1CVSS0.00221EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.6 views

Plikli CMS 4.0.0 Blind SQL Injection

A blind SQL injection vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This is older research added to the archive...

6.2AI score
Exploits0
EUVD
EUVD
added 2026/02/01 12:15 p.m.7 views

EUVD-2021-34756

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

8.6CVSS6.2AI score0.00527EPSS
Exploits1References4
CVE
CVE
added 2026/02/01 12:15 p.m.14 views

CVE-2021-47915

Summary: CVE-2021-47915 affects PHP Melody 3.0, where the video edit module accepts an unvalidated vid parameter, enabling authenticated users to perform a remote SQL injection. This can lead to arbitrary database queries and potential compromise of the web app and its database management system....

8.8CVSS6.2AI score0.00527EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/01/22 1:15 a.m.9 views

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

9.8CVSS0.00353EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-12819)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-12819 advisory. - Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an...

8.1CVSS6.3AI score0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 12:14 p.m.5 views

CVE-2025-14598 CVE-2025-14598

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database...

7.8AI score0.00689EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.7 views

BeeS BET e-Portal 安全漏洞

BeeS BET e-Portal is a faculty and exam management system from BeeS India. A security vulnerability exists in BeeS BET e-Portal that stems from a SQL injection in the login function, which could lead to the execution of arbitrary SQL commands...

9.8CVSS7.9AI score0.00689EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/17 7:10 p.m.5 views

EUVD-2025-203921

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/UserEditor.php file. When an administrator saves a user's configuration settings, the keys of the type POST parameter array are not properly sanitized or type-casted befor...

7.2CVSS7.8AI score0.00359EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51868

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A SQL injection issue exists in the src/ListEvents.php file. The WhichType POST parameter is not properly sanitized before being used in SQL...

8.8CVSS7.8AI score0.00333EPSS
Exploits1References7
Rows per page
Query Builder