Lucene search
K

9843 matches found

Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-55820

Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description An issue exists in the /builderHome.php file where improper handling of the loc variable allows for remote SQL injection. SQL injection is a technique where an attacker inserts maliciou...

7.5CVSS7.2AI score0.00269EPSS
Exploits0References10
NVD
NVD
added 5 days ago6 views

CVE-2026-14659

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public...

6.5CVSS0.00319EPSS
Exploits0References6
CVE
CVE
added 5 days ago12 views

CVE-2026-14659

Summary : CVE-2026-14659 affects itsourcecode Hospital Management System 1.0. The vulnerability is in the /patientappointment.php script, where manipulation of the patiente argument enables SQL injection. This is a network-facing issue with low-priority details reported as proof-of-concept exploi...

6.5CVSS6.5AI score0.00319EPSS
Exploits0References6
CVE
CVE
added 5 days ago15 views

CVE-2026-14658

The CVE-2026-14658 issue affects code-projects Assessment Management 1.0, specifically the file /lecturer/marking-scheme.php. The vulnerability is an SQL injection caused by manipulating the parameter smarksrange[]; it enables remote exploitation. Public exploit information is noted in the descri...

6.5CVSS6.5AI score0.00319EPSS
Exploits0References6
NVD
NVD
added 5 days ago7 views

CVE-2026-14649

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-14649 code-projects Online Voting System saveVote.php test_input sql injection

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added 5 days ago14 views

CVE-2026-14642

SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection in the /edit_class2.php endpoint caused by unsafely manipulated ID parameter. The vulnerability is remote and publicly exploitable (PoC). CVSS data from multiple sources indicate a NETWORK attack with low complexity and...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41688

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 5 days ago13 views

CVE-2026-14639

CVE-2026-14639 affects CodeAstro Ecommerce Website 1.0. The vulnerability is an SQL injection in the code path handling the URL /ecommerce-website-php/customer/my_account.php?edit_account, caused by unsafely manipulated parameter c_name. This allows potentially remote attacker access with low pri...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-14638 itsourcecode Hospital Management System patient.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41685

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-55738

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An issue exists in the /lecturer/marking-scheme.php file where improper handling of the smarksrange variable allows for remote SQL injection. SQL injection is a technique where an...

6.5CVSS6.8AI score0.00319EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-55733

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago12 views

EUVD-2026-41469

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-12920

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 6 days ago5 views

IBM App Connect Enterprise 12.0.1.x < 12.0.12.27 / 13.0.1.x < 13.0.8.0 SQL Injection (7278350)

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. Note that Nessus has not tested for this issue but has instead relied...

5.5CVSS6AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added last week34 views

CVE-2026-56841

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...

8.8CVSS0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-50747

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...

9.9CVSS5.8AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-14363

A flaw was found in the Mediawiki Cargo Extension. This vulnerability, identified as SQL Injection, allows an attacker to execute malicious SQL commands. By exploiting improper handling of special characters in SQL commands, an attacker can potentially access, modify, or delete sensitive data...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References6
CVE
CVE
added last week15 views

CVE-2025-69094

CVE-2025-69094 affects the WordPress Unicamp theme (versions

8.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Rows per page
Query Builder