Lucene search
K

3928 matches found

CVE
CVE
added yesterday20 views

CVE-2026-62422

CVE-2026-62422 affects JetBrains YouTrack, with authentication bypass via direct database access that enables administrative access. Affects: YouTrack builds listed in the entry (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The entry does not pr...

10CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-62422

In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday104 views

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...

8.8CVSS7.1AI score0.05141EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday38 views

KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection

The KiviCare Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS7AI score0.13515EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday30 views

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...

9.8CVSS7.2AI score0.86706EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago250 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.1AI score0.78812EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQ...

7.2CVSS6.2AI score0.00677EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS0.00677EPSS
Exploits0References4
CVE
CVE
added 5 days ago14 views

CVE-2026-53448

Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...

7.2CVSS6.2AI score0.00677EPSS
Exploits0References4
Fedora
Fedora
added 5 days ago9 views

[SECURITY] Fedora 44 Update: php-8.5.8-1.fc44

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.9AI score
Exploits0
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-59832 SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS0.00316EPSS
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-56292

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
CVE
CVE
added 6 days ago18 views

CVE-2026-56292

The CVE describes an SQL injection in the AcyMailing extension for Joomla, affecting versions older than 10.11.1. The underlying issue is a SQL query handling flaw in the AcyMailing component, allowing an attacker to achieve unauthorized database access and potential data leakage . Products: Joom...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 6 days ago4 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42591

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/07/08 5:22 a.m.41 views

MOVEit Transfer - SQL Injection

In Progress MOVEit Transfer before 2021.0.8 13.0.8, 2021.1.6 13.1.6, 2022.0.6 14.0.6, 2022.1.7 14.1.7, and 2023.0.3 15.0.3, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

9.8CVSS7.3AI score0.96682EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 8:29 p.m.6 views

CVE-2026-53730 DataEase: Unauthorized Access to Engine Database via previewSql Endpoint

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS6.2AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 7:21 a.m.30 views

CVE-2026-14809 PROG MIS|Prog Management System - SQL Injection

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS0.00437EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:9 a.m.5 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.5 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00339EPSS
Exploits0References6
Rows per page
Query Builder