Lucene search
K

1404 matches found

CVE
CVE
β€’added 4 hours agoβ€’5 views

CVE-2026-59515

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...

9.3CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
β€’added 3 days agoβ€’26 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
β€’added 4 days agoβ€’32 views

CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
CVE
CVE
β€’added 5 days agoβ€’6 views

CVE-2026-39179

SOGo

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
CVE
CVE
β€’added 2026/07/06 7:21 a.m.β€’11 views

CVE-2026-14809

CVE-2026-14809 affects PROG MIS’s Prog Management System. The connected CVE records confirm an SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands and read database contents. The description does not specify the exact vulnerable component, versi...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References2
NVD
NVD
β€’added 2026/07/04 10:16 p.m.β€’10 views

CVE-2026-14657

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS0.00319EPSS
Exploits0References6
Cvelist
Cvelist
β€’added 2026/07/04 9:45 p.m.β€’43 views

CVE-2026-14657 code-projects Assessment Management Database Query marking-scheme.php sql injection

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS0.00319EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
β€’added 2026/07/04 9:45 p.m.β€’9 views

CVE-2026-14657

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6Affected Software1
CVE
CVE
β€’added 2026/07/04 9:45 p.m.β€’13 views

CVE-2026-14657

CVE-2026-14657 describes a SQL injection flaw in the code-projects Assessment Management 1.0, affecting the Database Query Handler. The vulnerability arises from how the argument squestions[] is processed in the file /lecturer/marking-scheme.php, enabling remote exploitation. The exploit is publi...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6
NVD
NVD
β€’added 2026/07/04 9:17 p.m.β€’8 views

CVE-2026-14652

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
β€’added 2026/07/04 12:0 a.m.β€’14 views

PT-2026-55737

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An SQL injection flaw exists in the Database Query Handler component due to improper processing of the /lecturer/marking-scheme.php endpoint. A remote attacker can exploit this by...

6.5CVSS6.7AI score0.00319EPSS
Exploits0References9
NVD
NVD
β€’added 2026/07/02 6:16 a.m.β€’8 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

4.9CVSS0.00288EPSS
Exploits0References6
NVD
NVD
β€’added 2026/06/28 7:16 p.m.β€’14 views

CVE-2026-49048

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

9.8CVSS0.00505EPSS
Exploits1References1
Cvelist
Cvelist
β€’added 2026/06/28 6:37 p.m.β€’42 views

CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

8.7CVSS0.00505EPSS
Exploits1References1
EUVD
EUVD
β€’added 2026/06/28 9:45 a.m.β€’8 views

EUVD-2026-39986

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument courseyearsection can lead to sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
EUVD
EUVD
β€’added 2026/06/26 6:0 a.m.β€’11 views

EUVD-2026-39625

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...

7.7CVSS5.8AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
β€’added 2026/06/26 12:0 a.m.β€’10 views

PT-2026-53001

Name of the Vulnerable Software and Affected Versions Fleet DM affected versions not specified Description An issue exists in the global policy read endpoint GET /api/latest/fleet/policies/policy id where authorization is performed against an empty structure with a nil TeamID. This allows the...

4.3CVSS6AI score
Exploits0References4
NVD
NVD
β€’added 2026/06/25 12:17 a.m.β€’12 views

CVE-2026-9785

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 11:53 a.m.β€’12 views

EUVD-2025-210326

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.5CVSS6AI score0.00283EPSS
Exploits1References2
Positive Technologies
Positive Technologies
β€’added 2026/06/24 12:0 a.m.β€’18 views

PT-2026-52093

🚨 CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOn...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References4
Rows per page
Query Builder