Lucene search
K

3908 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50935

Name of the Vulnerable Software and Affected Versions RPC Responsive Portfolio version 1.6.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. This is achieved by sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.28 views

PT-2026-50873

Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...

10CVSS5.9AI score0.00416EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:56 p.m.8 views

CVE-2026-54222

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.6AI score0.00305EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36788

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.6AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2026-48114

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS0.0037EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 6:52 p.m.7 views

EUVD-2026-36795

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS5.6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.23 views

PT-2026-49306

Name of the Vulnerable Software and Affected Versions Metacat versions 2.0.0 through 2.x Description Metacat contains an unauthenticated SQL injection in the '/harvesterRegistration' endpoint. The dbInsert function in HarvesterRegistration constructs an INSERT statement for the HARVEST SITE...

9.8CVSS5.6AI score0.0037EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/12 9:47 a.m.27 views

CVE-2026-11849 IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database...

9.8CVSS0.0035EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:47 a.m.8 views

CVE-2026-11849 IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database...

9.8CVSS5.4AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 12:5 p.m.8 views

RLSA-2026:24348 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.21 views

PT-2026-48728

Name of the Vulnerable Software and Affected Versions SolidInvoice versions prior to 2.3.17 Description API tokens used to authenticate REST API requests are stored as plaintext strings within the api tokens database table. An attacker with read access to the database, obtained via methods such a...

8.1CVSS5.5AI score0.00197EPSS
Exploits0References6
CVE
CVE
added 2026/06/10 12:42 p.m.44 views

CVE-2026-52758

Summary: Ghidra before 12.1 suffers a SQL injection in the BSim filter types where user-supplied values are directly concatenated into SQL queries without escaping or parameterization. This enables remote attackers to inject arbitrary SQL via the BSim network query protocol, potentially reading, ...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-41029

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

9.3CVSS5.6AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-68420

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...

7.5CVSS5.3AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.6AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

7.5CVSS5.7AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS5.7AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45545

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

8.2CVSS5.9AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.8CVSS5.9AI score0.00342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.13 views

CVE-2026-40823

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS5.8AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder