Lucene search
+L

8818 matches found

CVE
CVE
added 2026/06/16 9:23 p.m.20 views

CVE-2026-49073

Summary: CVE-2026-49073 affects the WordPress plugin Directorist Booking (wpWax Directorist Booking) versions up to 3.0.3. The issue is an SQL Injection in the plugin, allowing blind SQL injection through improper neutralization of special elements in SQL commands. The CVSSBase score is 8.5 (HIGH...

8.5CVSS5.6AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.12 views

CVE-2026-49772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS0.00229EPSS
Exploits1References1
CVE
CVE
added 2026/06/16 9:4 a.m.49 views

CVE-2026-49772

CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...

9.3CVSS5.6AI score0.00229EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/16 9:4 a.m.43 views

CVE-2026-49772 WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS0.00229EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/16 9:4 a.m.15 views

EUVD-2026-37057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS5.7AI score0.00229EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50125

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

8.5CVSS5.6AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

6.2AI score0.00361EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

8.8CVSS0.00361EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS0.0024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49206

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 10:16 p.m.14 views

CVE-2026-47268

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:56 p.m.34 views

CVE-2026-47268 Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:56 p.m.33 views

CVE-2026-47268

Affected software/vector: Nezha Monitoring DDNS webhook feature (Nezha dashboard) in versions 0.20.0–

6.4CVSS5.4AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 12:31 a.m.10 views

EUVD-2026-36359

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS5.6AI score0.01323EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/12 12:31 a.m.15 views

EUVD-2026-36360

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

9.3CVSS5.6AI score0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 11:16 p.m.14 views

CVE-2026-45418

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title English, Spanish.... The POST /actions/subtitleedit.php request used to change their title...

8.8CVSS0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 11:16 p.m.33 views

CVE-2026-45060

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

9.8CVSS0.00364EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 10:51 p.m.13 views

CVE-2026-45060 ClipBucket: Blind SQL Injection in progress_video.php

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

9.8CVSS5.7AI score0.00364EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 10:51 p.m.14 views

EUVD-2026-36368

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

9.8CVSS5.7AI score0.00364EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 10:51 p.m.35 views

CVE-2026-45060 ClipBucket: Blind SQL Injection in progress_video.php

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

9.8CVSS0.00364EPSS
Exploits0References1
Rows per page
Query Builder