Lucene search
+L

3938 matches found

Nuclei
Nuclei
added 17 hours ago38 views

KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection

The KiviCare Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS8.8AI score0.13515EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago104 views

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...

8.8CVSS8.6AI score0.05141EPSS
Exploits3References5
Nuclei
Nuclei
added 17 hours ago252 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS8.7AI score0.78812EPSS
Exploits7References4
NVD
NVD
added 3 days ago8 views

CVE-2026-46513

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, Frogman stored API tokens generated by Tools/CreateApiToken.php:33-36 as raw bin2hexrandombytes32 strings in ocapitokens, and Frogman.class.php:78 authenticated the X-Frogman-Token header by comparing it with the stor...

7.4CVSS0.00261EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-62361

CVE-2026-62361 affects listmonk prior to version 6.2.0. The vulnerability arises in the GET /api/subscribers/export endpoint, which injects a user-controlled query parameter into QuerySubscribersForExport without calling validateQueryTables, unlike GET /api/subscribers. An authenticated user with...

5.5CVSS6.2AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 4 days ago12 views

CVE-2026-12512

CVE-2026-12512 affects the Quotes Llama WordPress plugin prior to 3.1.6. The root cause is improper sanitization/escaping of a user-supplied parameter before it is used in a SQL query, enabling unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the databas...

8.6CVSS6.2AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 5 days ago11 views

CVE-2026-62422

In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS0.00346EPSS
Exploits0References1
CVE
CVE
added 5 days ago35 views

CVE-2026-62422

CVE-2026-62422 affects JetBrains YouTrack, with authentication bypass via direct database access that enables administrative access. Affects: YouTrack builds listed in the entry (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The entry does not pr...

10CVSS6.1AI score0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-62422

In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS0.00346EPSS
Exploits0References1
Nuclei
Nuclei
added 5 days ago32 views

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...

9.8CVSS7.2AI score0.86706EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-58006

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13757 JetBrains YouTrack versions prior to 2025.3.148033 JetBrains YouTrack versions prior to 2025.2.148048 JetBrains YouTrack versions prior to 2025.1.148120 JetBrains YouTrack versions prior to...

10CVSS6.1AI score0.00346EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 6 days ago13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQ...

7.2CVSS5.9AI score0.00704EPSS
Exploits1References3
NVD
NVD
added 2026/07/10 7:17 p.m.10 views

CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS0.00704EPSS
Exploits1References4
OSV
OSV
added 2026/07/10 7:17 p.m.7 views

UBUNTU-CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS6.2AI score0.00704EPSS
Exploits1References6
CVE
CVE
added 2026/07/10 5:56 p.m.23 views

CVE-2026-53448

Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...

7.2CVSS6.2AI score0.00704EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/10 5:56 p.m.11 views

CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS6.2AI score0.00704EPSS
Exploits1References4
Fedora
Fedora
added 2026/07/10 12:53 a.m.10 views

[SECURITY] Fedora 44 Update: php-8.5.8-1.fc44

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/07/09 10:18 p.m.37 views

CVE-2026-59832 SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS0.00316EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 3:16 p.m.6 views

CVE-2026-56292

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/07/09 1:49 p.m.4 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2
Rows per page
Query Builder