Lucene search
K

180 matches found

Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.16 views

PT-2026-41466

Name of the Vulnerable Software and Affected Versions Fuel CMS version 1.4.13 Description Authenticated attackers can manipulate database queries by injecting SQL code through the col parameter in the Activity Log interface. By sending requests to the 'logs' endpoint with malicious SQL payloads i...

7.1CVSS5.9AI score0.00226EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/13 8:38 p.m.8 views

CVE-2026-39358 CubeCart: Time-based Blind SQL Injection

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

7.2CVSS6.2AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40579

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.9AI score0.00322EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42742 WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/04 5:25 p.m.103 views

Blind_SQLI_FlaskProject

No d...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/04 7:4 a.m.133 views

Exploit for CVE-2026-6379

CVE-2026-6379 — WP Photo Album Plus :8080/?pageid=" --mode pr...

6AI score0.00472EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/04/14 12:6 a.m.17 views

Craft Commerce hasVariant/hasProduct Blind SQL Injection

Overview Craft Commerce’s ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the unset blocklist added to ElementIndexesController in GHSA-2453-mppf-46cj. The blocklist only strips top-level Yii2 Query properties where, orderBy, etc., but hasVariant and hasProduct pass throug...

8.7CVSS6AI score0.00304EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/09 9:31 p.m.5 views

EUVD-2023-60550

WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...

8.8CVSS6AI score0.00269EPSS
Exploits0References5
NVD
NVD
added 2026/04/08 9:16 a.m.7 views

CVE-2026-39487

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...

7.6CVSS0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39496

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...

5.9AI score0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.22 views

CVE-2026-39466 WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through = 2.4.7...

7.6CVSS0.00279EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/04/06 2:47 p.m.14 views

Revive Adserver: Blind SQL injection via clientid parameter in zone‑include.php

Vulnerability description not provided...

8.3CVSS5.8AI score0.00298EPSS
Exploits1
EUVD
EUVD
added 2026/03/31 6:31 p.m.4 views

EUVD-2026-17581

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

4.8CVSS6AI score0.0022EPSS
Exploits1References2
CVE
CVE
added 2026/03/31 12:0 a.m.10 views

CVE-2026-30520

SourceCodester Loan Management System v1.0 contains a Blind SQL Injection in ajax.php (save_loan action) where the borrower_id parameter in a POST request is not properly sanitized. An authenticated attacker could inject SQL commands via this input. The affected component is the web application’s...

5.4CVSS6AI score0.0022EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 12:0 a.m.2 views

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

6AI score0.0022EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.2 views

CVE-2026-33914

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

7.2CVSS5.9AI score0.00425EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL...

8.7CVSS6.2AI score0.0024EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.3 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 10:24 p.m.4 views

CVE-2026-29187 OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/newsearchpopup.php. The vulnerability allows an authenticated attacker t...

8.1CVSS6.2AI score0.00473EPSS
Exploits3References5
Rows per page
Query Builder