Lucene search
K

234 matches found

NVD
NVD
added last week6 views

CVE-2026-14809

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS0.00437EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-14809

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-34102

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-34105

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translatetext.php line 15: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.12 views

CVE-2026-34103

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:11 p.m.7 views

EUVD-2026-41058

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:10 p.m.6 views

CVE-2026-34100

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 4:8 p.m.35 views

CVE-2026-34099 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS0.00459EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:8 p.m.14 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54736

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.58 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS7.7AI score0.99597EPSS
Exploits3References4
EUVD
EUVD
added 2026/06/19 3:27 p.m.6 views

EUVD-2017-18982

Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 1:16 p.m.12 views

CVE-2017-20247

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.17 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.8AI score0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:4 p.m.19 views

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00263EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.11 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ‘genre’ parameter, which may allow unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/20 4:16 a.m.21 views

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS0.00539EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 2:39 a.m.26 views

CVE-2026-9003

CVE-2026-9003 concerns TONNET’s E-LAN Hybrid Recording System, which is reported to have an unauthenticated SQL Injection vulnerability that lets an attacker inject arbitrary SQL commands to read database contents. The connected documents do not specify affected product versions, exact vulnerable...

8.7CVSS6AI score0.00539EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 2:39 a.m.15 views

EUVD-2026-31046

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6AI score0.00539EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 12:4 a.m.8 views

EUVD-2026-25742

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.6AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder