Lucene search
K

246 matches found

CVE
CVE
added 3 days ago22 views

CVE-2026-6939

The CVE-2026-6939 entry concerns the CorvusPay WooCommerce Payment Gateway for WordPress. It is vulnerable to Unauthenticated Stored Cross-Site Scripting via the approval_code parameter in all versions up to 2.7.4 due to insufficient input sanitization and output escaping. An unauthenticated REST...

7.2CVSS6.2AI score0.00324EPSS
Exploits0References11
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42170

The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-9700 Eventer <= 4.4.2 - Unauthenticated SQL Injection via 'code' Parameter

The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-9700

The CVE covers the WordPress Eventer plugin vulnerability up to version 4.4.2, caused by insufficient escaping of the user-supplied code parameter and inadequate SQL query preparation. This enables time-based SQL injection by unauthenticated attackers to append additional SQL to existing queries ...

7.5CVSS6AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.22 views

PT-2026-46960

Name of the Vulnerable Software and Affected Versions tittuvarghese CollegeManagementSystem affected versions not specified Description A remote SQL injection can be triggered by manipulating the department code argument within an unknown function of the file 'dashboard page/forms/fetch.php'. SQL...

7.5CVSS7.3AI score0.00284EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

BlenderMCP 代码注入漏洞

BlenderMCP is a 3D modeling control tool developed by ahujasid that connects Blender with AI. Versions of BlenderMCP 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b and earlier have a code injection vulnerability. This vulnerability stems from the handling of the code parameter in the executeblendercode...

6.5CVSS5.5AI score0.00178EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin HBook 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/24 12:0 a.m.17 views

CVE-2026-9344 Edimax EW-7438RPn webs formWpsStart stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed...

9CVSS0.00445EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.11 views

CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution via Autotasks

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the satcode parameter. Attackers can authenticate, submit a POST request to...

8.8CVSS6.6AI score0.00569EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 12:43 p.m.14 views

CVE-2021-47938

ImpressCMS 1.4.2 suffers a remote code execution (RCE) in the autotasks admin interface. An authenticated attacker can send a crafted sat_code payload via POST to /modules/system/admin.php?fct=autotasks&op=mod, resulting in creation of an executable file that accepts arbitrary commands through GE...

8.8CVSS6.6AI score0.00569EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

ImpressCMS 代码注入漏洞

ImpressCMS is a modular content management system CMS based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.4.2 of ImpressCMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw...

8.8CVSS6.7AI score0.00569EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.16 views

PT-2026-39513

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat code parameter. Attackers can authenticate, submit a POST request to...

8.8CVSS6.6AI score0.00569EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.10 views

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

9.8CVSS5.9AI score0.00319EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-33235

Name of the Vulnerable Software and Affected Versions @vendure/core versions prior to 2.3.4 @vendure/core versions 3.0.0 through 3.5.6 @vendure/core versions 3.6.0 through 3.6.1 Description An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...

9.1CVSS6.1AI score0.01762EPSS
Exploits1References10
NVD
NVD
added 2026/04/10 3:16 p.m.3 views

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

9.8CVSS0.00319EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.3 views

PT-2026-31930

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

5.9AI score0.00319EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

itsourcecode Construction Management System SQL注入漏洞

itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “code” in th...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.3 views

CVE-2026-4614

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.8 views

CVE-2026-4783

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument coursecode leads to sql injection. It is possible to...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter coursecode in the file...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References5
Rows per page
Query Builder