Lucene search
K

500 matches found

CVE
CVE
added 2026/05/30 2:55 p.m.16 views

CVE-2018-25415

AiOPMSD Final 1.0.0 is affected by an SQL injection via the director parameter. An unauthenticated attacker can send crafted SQL payloads to director.php (GET) to extract sensitive data such as usernames, database names, and version details. CVSS metrics: v3.1 base score 8.2 (HIGH) with Network v...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.9 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the q parameter, which may allow unauthenticated attackers to execute arbitrary SQ...

8.8CVSS6.2AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.35 views

CVE-2018-25402 The Open ISES Project 3.30A SQL Injection via inc_types_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

8.8CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.36 views

CVE-2018-25401 The Open ISES Project 3.30A SQL Injection via sever_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to severgraph.php with crafted SQL payloads to extract sensitive databas...

8.8CVSS0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.19 views

CVE-2018-25400

The CVE-2018-25400 entry concerns the Open ISES Project 3.30A and an SQL injection via the id parameter in the ajax/form_post.php endpoint. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and exfiltrate data (e.g., database schema names) through crafted GET req...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.24 views

CVE-2018-25394

Kados R10 GreenBee contains an SQL injection in boards_buttons/update_release.php via the release_id parameter. The release_id value is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send a crafted GET request (Union-based payload) to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.15 views

CVE-2026-46359

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.9 views

CVE-2018-25340 Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/05/20 12:0 a.m.3 views

The vulnerability of the implementation of the ALTER SUBSCRIPTION...REFRESH PUBLICATION command in the PostgreSQL database management system allows a attacker to execute arbitrary SQL queries.

The vulnerability of the ALTER SUBSCRIPTION...REFRESH PUBLICATION command in PostgreSQL database management systems lies in the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

3.7CVSS6AI score0.0018EPSS
Exploits0References8Affected Software5
BDU FSTEC
BDU FSTEC
added 2026/05/20 12:0 a.m.3 views

The vulnerability of the pg_createsubscriber function in the PostgreSQL database management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the pgcreatesubscriber function in the PostgreSQL database management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9CVSS6AI score0.00287EPSS
Exploits0References7Affected Software5
CVE
CVE
added 2026/05/19 12:59 p.m.17 views

CVE-2026-42096

Technical details for CVE-2026-42096 are not provided in the supplied documents. Monitor for updates from vendors and CVE databases.

8.8CVSS6AI score0.00598EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.16 views

PT-2026-41361

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

7.5CVSS6.1AI score0.00212EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 had an SQL injection vulnerability. This vulnerability stems from the SQL injection in the CurrentUser::setTokenData function, which could allow authenticated attackers to execu...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:25 p.m.10 views

GHSA-JJ54-R8GM-2FCF dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbatim to...

3.1CVSS6AI score0.00042EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 2:16 p.m.9 views

UBUNTU-CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6.1AI score0.0018EPSS
Exploits0References5
PostrgeSql
PostrgeSql
added 2026/05/14 12:0 a.m.34 views

Vulnerability in core server (CVE-2026-6638)

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at...

8.8CVSS6.2AI score0.0018EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/12 11:0 p.m.8 views

EUVD-2026-29873

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS6AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 11:0 p.m.35 views

CVE-2026-42156

Summary : CVE-2026-42156 affects Flowsint, an open-source OSINT graph exploration tool. Before version 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query, enabling execution of arbitrary Cypher queries. The issue is fixed in 1.2.3. Impact and...

7.1CVSS6AI score0.00285EPSS
Exploits0References1
Rows per page
Query Builder