Lucene search
K

180 matches found

OSV
OSV
added 2026/02/27 1:33 p.m.5 views

CVE-2026-2751 Blind SQL Injection

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

8.3CVSS5.9AI score0.00271EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 1:33 p.m.40 views

CVE-2026-2751

CVE-2026-2751 affects Centreon Web on Central Server (Linux) in the Service Dependencies module. The root cause is a Blind SQL Injection due to unsanitized array keys during deletion of Service Dependencies. Affected versions are Centreon Web before 25.10.8, 24.10.20, and 24.04.24. The vulnerabil...

9.8CVSS6AI score0.00271EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/02/22 10:22 a.m.192 views

Exploit for CVE-2025-69295

CVE-2025-69295 — TeconceTheme Coven Core Blind SQL Injection Vul...

6.1AI score0.0041EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:47 p.m.4 views

CVE-2026-24956

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This issue affects Download Manager Addons for Elementor: from n/a through = 1.3.0...

5.8AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.24 views

CVE-2025-69366 WordPress Emerce Core plugin <= 1.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Emerce Core emerce-core allows Blind SQL Injection.This issue affects Emerce Core: from n/a through = 1.8...

9.3CVSS0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 1:58 p.m.11 views

CVE-2026-2744

CVE-2026-2744 is rejected/not used; this CVE entry does not represent an active vulnerability.

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.11 views

PT-2026-8099

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS5.9AI score0.00351EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.13 views

PT-2026-6650

Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.73.0 Description Payload is a free and open source headless content management system. Prior to version 3.73.0, user input was directly embedded into SQL queries without proper escaping when querying JSON or richTex...

9.8CVSS5.7AI score0.00453EPSS
Exploits0References13
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.146 views

📄 Geeklog 2.2.1 Blind SQL Injection

A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive. Geeklog 2.2.1 - Blind SQL Injection Advisory ID: RO-20-002...

6.2AI score
Exploits0
NVD
NVD
added 2026/01/29 3:16 p.m.9 views

CVE-2020-37004

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

8.2CVSS0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 2:28 p.m.6 views

EUVD-2020-30915

Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search parameters to...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 2:28 p.m.15 views

CVE-2020-37004

Ultimate Project Manager CRM PRO 2.0.5 is affected by a blind SQL injection vulnerability in the /frontend/get_article_suggestion/ endpoint. An attacker can craft malicious search parameters to perform boolean-based inference and progressively extract usernames and password hashes from the tbl_us...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/28 5:35 p.m.5 views

CVE-2020-36972 SmartBlog 2.0.1 - 'id_post' Blind SQL injection

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS5.9AI score0.00282EPSS
Exploits1References3
CVE
CVE
added 2026/01/28 5:35 p.m.12 views

CVE-2020-36972

CVE-2020-36972 affects SmartBlog 2.0.1. The details controller’s id_post parameter is vulnerable to blind SQL injection, allowing an attacker to extract database information by character-by-character comparison via crafted SQL queries. This is the core vulnerability described across multiple sour...

8.8CVSS5.9AI score0.00282EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.4 views

PT-2026-5163

Name of the Vulnerable Software and Affected Versions SmartBlog version 2.0.1 Description The software contains a blind SQL injection issue in the id post parameter of the details controller. This allows attackers to extract database information by injecting crafted SQL queries that compare...

8.8CVSS5.6AI score0.00282EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

WordPress plugin Nelio Content has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.5CVSS5.9AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.4 views

CVE-2025-68017

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through = 1.0.10...

7.5CVSS0.00331EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-4173

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through = 6.7...

5.6AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 5:27 p.m.3 views

EUVD-2026-3613

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3824

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References6
Rows per page
Query Builder