Lucene search
K

719 matches found

Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-53448 Coturn: SQL Injection in HTTPS Admin Panel Delete Operations

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS0.00677EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42802

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8CVSS6.3AI score0.00348EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/01 7:17 p.m.7 views

CVE-2026-58521

A flaw was found in the Mediawiki - Cargo Extension. This vulnerability allows an attacker to inject malicious commands into database queries. This could lead to unauthorized access to sensitive information, modification of data, or disruption of the database's availability...

9.8CVSS5.8AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-489 SQLAlchemyDA unauthenticated arbitrary SQL query execution

Impact The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected. Patches The problem has been patched in version 2.2. Workarounds There is no workaround. All users are urged to upgrade to versi...

9.8CVSS6.1AI score0.00881EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 12:33 a.m.7 views

EUVD-2026-39147

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52150

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULibrarySlot JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52109

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The /api/icon/getDynamicIcon endpoint is excluded from authentication. When this endpoint is called with type=8 and a valid block id parameter, it invokes the RenderDynamicIconContentTemplate function...

5.9CVSS6.3AI score0.00239EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2025-61027

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS0.0035EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61023

An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:0 a.m.7 views

CVE-2025-61028

CVE-2025-61028 affects the virtuoso-opensource product (time_t_to_dt component) in version 7.2.11. A flaw allows an attacker to trigger a Denial of Service by sending crafted SQL statements, potentially making the system unavailable to legitimate users. The Red Hat and OSV Ubuntu entries corrobor...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.33 views

CVE-2025-61018

An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

0.00482EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:16 p.m.14 views

CVE-2019-25753

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...

8.8CVSS0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:25 p.m.17 views

CVE-2019-25755

CVE-2019-25755 details: Joomla Component vReview 1.9.11 has an SQL injection in the editReview task via the cmId parameter. Unauthenticated attackers can send POST requests with URL-encoded SQL UNION payloads to extract database data (usernames, passwords, versions). Impact per sources is high (C...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 4:34 p.m.30 views

CVE-2017-20275 Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comphpbridge&view=phpview parameters and...

8.8CVSS0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 3:37 p.m.5 views

EUVD-2017-18985

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50942

Name of the Vulnerable Software and Affected Versions Joomla! Component Flip Wall version 8.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the wallid parameter via GET requests to the 'index.ph...

7.1CVSS6.1AI score0.00241EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/17 8:7 p.m.22 views

CVE-2026-11407 Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...

8.6CVSS0.00623EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 8:7 p.m.33 views

CVE-2026-11407

PIMCORE CMS/DXP 12.3.8 contains a sandbox bypass in the Twig SecurityPolicy (checkMethodAllowed and checkPropertyAllowed). Authenticated administrative attackers can craft malicious Twig templates via DataObject ClassDefinition Layout\Text to execute arbitrary PHP object methods, perform file rea...

8.6CVSS6.8AI score0.00623EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/16 4:2 p.m.9 views

SQL Injection

org.linlinjava, litemall-wx-api is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the list function of WxGoodsController within the Front-end WeChat API, which allows a remote attacker to perform SQL injection attacks by manipulating craft...

7.5CVSS7.6AI score0.00259EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/15 2:16 p.m.10 views

CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS0.0024EPSS
Exploits0References3
Rows per page
Query Builder