Lucene search
+L

9942 matches found

cve
cve
added 6 hours ago8 views

CVE-2026-12753

The CVE-2026-12753 entry concerns the WordPress plugin “Advance Product Search- Voice & Ajax Search for WooCommerce” and its insecure handling of user input in the parameters 's' and 'match'. Affected versions are up to and including 1.4.4. The root cause is insufficient escaping and lack of prop...

7.5CVSS6.1AI score
Exploits0References5
nvd
nvd
added yesterday7 views

CVE-2026-57821

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS0.00286EPSS
Exploits0References3
cvelist
cvelist
added yesterday22 views

CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

0.00194EPSS
Exploits0References1
nuclei
nuclei
added yesterday24 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.8AI score0.01195EPSS
Exploits0References4
nuclei
nuclei
added yesterday20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6.1AI score0.01473EPSS
Exploits0References2
nuclei
nuclei
added yesterday38 views

Mitel MiCollab <= 9.8.0.33 - SQL Injection

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS7.2AI score0.98067EPSS
Exploits3References2
euvd
euvd
added 2 days ago4 views

EUVD-2026-44553

ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS6.5AI score0.00695EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago21 views

CVE-2026-15703 SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely...

7.5CVSS0.00328EPSS
Exploits0References6
nvd
nvd
added 2 days ago6 views

CVE-2026-15675

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
cvelist
cvelist
added 2 days ago26 views

CVE-2026-15676 code-projects Online Job Portal DeleteUser.php sql injection

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
cvelist
cvelist
added 2 days ago27 views

CVE-2026-15675 code-projects Online Job Portal EditUser.php sql injection

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
cve
cve
added 3 days ago9 views

CVE-2026-15559

CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the POST handler: /SimpleOnlineLeave/admin/accept.php, caused by manipulating the argument appid. This allows remote exploitation and is publicly available. The CVE documents do not provide patch/version...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
cve
cve
added 3 days ago11 views

CVE-2026-15558

CodeAstro Simple Online Leave Management System 1.0 is affected by CVE-2026-15558. The vulnerability resides in /admin/deletemp.php where manipulation of the ID parameter leads to SQL injection. The issue allows remote exploitation, and public exploit disclosure increases risk. The CVSS metrics i...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
nvd
nvd
added 3 days ago7 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS0.00253EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-57739

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

9.3CVSS0.00291EPSS
Exploits0References1
euvd
euvd
added 3 days ago6 views

EUVD-2026-43293

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

8.6CVSS6.2AI score0.00262EPSS
Exploits0References2
cve
cve
added 3 days ago14 views

CVE-2026-57773

The CVE-2026-57773 entry covers a SQL Injection vulnerability in the WordPress plugin “WooCommerce Advanced Shipment Tracking” (woo-advanced-shipment-tracking) up to version 4.0. The issue is described as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) that l...

7.6CVSS6.1AI score0.00372EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago28 views

CVE-2026-57714 WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through = 5.6.3...

9.3CVSS0.00291EPSS
Exploits0References1
cve
cve
added 3 days ago6 views

CVE-2026-57385

Vulnerable software: WordPress Vitepos plugin (vitepos-lite) up to version 3.4.2. Root cause: improper neutralization of special elements in SQL commands enabling blind SQL injection. Impact: high (CVSS v3.1 base 8.5) with network-based attack, low complexity, low privileges, no user interaction;...

8.5CVSS6.1AI score0.0026EPSS
Exploits0References1
cve
cve
added 3 days ago12 views

CVE-2026-12582

CVE-2026-12582 affects the Library Management System WordPress plugin where versions prior to 3.5.8 fail to sanitize and escape a user-supplied parameter used in a SQL statement. This permits unauthenticated attackers to perform SQL injection and exfiltrate data from the database, including user ...

8.6CVSS6.2AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder