Lucene search
+L

961 matches found

Cvelist
Cvelist
added 2026/03/16 2:42 p.m.29 views

CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 12:27 p.m.26 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 12:27 p.m.3 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS6AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.12 views

PT-2026-25756

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS6AI score0.00147EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.15 views

PT-2026-25797

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom dates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.8CVSS6.1AI score0.00329EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/13 8:56 p.m.14 views

SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB

Summary POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Details File: kernel/api/router.go Every sensitive endpoint i...

6.5CVSS6.1AI score0.00246EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/12 6:32 p.m.9 views

Hyperterse: Raw exposure of database statements in MCP search tool

Hyperterse allows users to specify database queries for tools to execute under the hood. As of v2.0.0, there are only two tools exposed - search and execute. The search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 3:37 p.m.3 views

CVE-2019-25532 Netartmedia Jobs Portal 6.1 SQL Injection via loginaction.php

Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24971

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...

8.8CVSS5.9AI score0.00369EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/11 6:34 a.m.1 views

CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9CVSS6AI score0.00442EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25180

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...

7.1CVSS6.1AI score0.00194EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/06 7:18 a.m.36 views

CVE-2026-29073

Technical details about CVE-2026-29073 are not provided in the connected documents. The SUSE/OSV entries reference the CVE within a broader vulndb update but do not describe affected products, versions, or exploit specifics. Monitor for updates.

8.8CVSS5.8AI score0.00323EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/06 7:18 a.m.8 views

CVE-2026-29073 SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access

SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0...

7.1CVSS5.7AI score0.00323EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.13 views

PT-2026-23698

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.7 views

Ashop Shopping Cart SQL注入漏洞

Ashop Shopping Cart is a e-commerce platform developed by the Ashop company. The Ashop Shopping Cart has a SQL injection vulnerability. This vulnerability stems from the shop parameter being subject to SQL injection attacks, which may allow unverified attackers to manipulate database queries and...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References3
NVD
NVD
added 2026/03/02 7:16 p.m.14 views

CVE-2026-26710

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php...

9.8CVSS0.00337EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22360

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

8.8CVSS6AI score0.00315EPSS
Exploits1References4
CVE
CVE
added 2026/02/24 3:58 p.m.28 views

CVE-2025-13776

CVE-2025-13776 concerns multiple Finka programs that use hard-coded Firebird database credentials shared across all instances. The vulnerability allows a local-network attacker who knows the default credentials to read and edit database content. Affected products and upgraded releases are: Finka-...

8.6CVSS5.4AI score0.0015EPSS
Exploits0References2Affected Software6
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:50 a.m.4 views

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

6.9CVSS5.4AI score0.00457EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.10 views

Pimcore SQL注入漏洞

Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications for web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 11.5.14.1 and 12.3.2, as well as earlier...

6.9CVSS5.9AI score0.00457EPSS
Exploits1References4
Rows per page
Query Builder