Lucene search
+L

504 matches found

CNNVD
CNNVD
added 2025/10/13 12:0 a.m.9 views

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.5.1, which stems from an SQL injection in the cpf parameter in the /html/funcionario/cadastrofuncionariopessoaexistente.php endpoint, whic...

8.8CVSS7.9AI score0.00399EPSS
Exploits1References3
OSV
OSV
added 2025/10/07 1:15 p.m.2 views

CVE-2025-40886

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...

8.8CVSS6AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:35 p.m.8 views

EUVD-2025-32866

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...

6CVSS7.5AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-1462

Malware in sbrugna...

7.5CVSS6.4AI score0.0123EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-2341

Malware in sbrugna...

7.5CVSS6.4AI score0.01211EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-48447

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.0073EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54926

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.02899EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-25020

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-31386

Malicious code in bioql PyPI...

10CVSS9.4AI score0.01172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/21 12:26 a.m.21 views

CVE-2025-51506

In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...

6.5CVSS8.3AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/15 11:54 a.m.11 views

CVE-2025-54475 Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...

8.7CVSS8.6AI score0.00269EPSS
Exploits0References2
NVD
NVD
added 2025/08/12 3:15 p.m.5 views

CVE-2025-8296

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution...

7.2CVSS0.01095EPSS
Exploits0References1
CNVD
CNVD
added 2025/08/01 12:0 a.m.2 views

Online Farm System /forgot_pass.php File SQL Injection Vulnerability

Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /forgotpass.php. An attacker can exploit this vulnerability to execute illeg...

9.8CVSS8.2AI score0.00498EPSS
Exploits1References1
Snyk
Snyk
added 2025/07/24 10:45 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the getLast API when processing user-supplied table names. An attacker can execute arbitrary SQL statements on the underlying database by sending crafted API requests, potentially resulting in data theft, corruption,...

9.8CVSS8.1AI score0.0076EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/13 12:0 a.m.4 views

PHPGurukul Vehicle Parking Management System 注入漏洞

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter Username in file /admin/index.php that lacks validation of an externally entered SQL statement. An attacker can...

9.8CVSS8.2AI score0.00491EPSS
Exploits1References6
OSV
OSV
added 2025/06/24 2:15 a.m.4 views

CVE-2025-34038

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...

7.5CVSS6.1AI score0.01837EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/06/24 2:15 a.m.3 views

CVE-2025-34038

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...

8.7CVSS6.2AI score0.01837EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2025/06/18 12:0 a.m.7 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of verification of the validity of XML objects’ sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary SQL queries...

9.4CVSS6AI score0.00537EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/18 12:0 a.m.7 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries remotely...

8.7CVSS6AI score0.02657EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/18 12:0 a.m.6 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of verification of the validity of XML objects’ sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary SQL queries...

9.4CVSS6AI score0.00587EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder