1389 matches found

RedhatCVE
added 2026/05/16 1:56 a.m. | 12 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

CVSS 7.1 | AI score 5.9 | EPSS 0.00203
Exploits: 0 | References: 1

NVD
added 2026/05/15 7:16 p.m. | 10 views

CVE-2021-47966

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

CVSS 8.8 | EPSS 0.0027
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/15 7:46 a.m. | 9 views

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 4.9 | AI score 5.9 | EPSS 0.00355
Exploits: 0 | References: 12

CNNVD
added 2026/05/15 12:00 a.m. | 8 views

BlueNoteMKVI PHP Timeclock SQL Injection Vulnerability

BlueNoteMKVI PHP Timeclock is an employee attendance and working hours recording system developed by BlueNoteMKVI company, based on PHP and MySQL. Version 1.04 of BlueNoteMKVI PHP Timeclock contains a SQL injection vulnerability. This vulnerability stems from the loginuserid parameter in the...

CVSS 8.8 | AI score 5.9 | EPSS 0.0027
Exploits: 0 | References: 1

NVD
added 2026/05/14 7:16 p.m. | 12 views

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

CVSS 9.3 | EPSS 0.01178
Exploits: 0 | References: 3

CVE
added 2026/05/13 2:22 p.m. | 12 views

CVE-2020-37224

Technical details (affected product/version, root cause, impact, or remediation) are not publicly available in the provided documents. Monitor for updates from the sources for any new information or confirmed fixes.

CVSS 7.1 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/13 12:00 a.m. | 18 views

PT-2026-40834

Name of the Vulnerable Software and Affected Versions: Strapi versions 4.0.0 through 4.26.0; Strapi versions 5.0.0 through 5.33.1. Description: A database-query injection exists in the Content-Type Builder write API. An authenticated administrator can inject arbitrary database statements through the...

CVSS 9.3 | AI score 6.6 | EPSS 0.01178
Exploits: 0 | References: 11

CNNVD
added 2026/05/13 12:00 a.m. | 8 views

Joomsky Joomla J2 JOBS SQL Injection Vulnerability

Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Inc. Version 1.3.0 of Joomsky Joomla J2 JOBS contains a SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers to injec...

CVSS 7.1 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/12 7:08 p.m. | 7 views

CVE-2026-44862 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVSS 7.2 | AI score 6.2 | EPSS 0.00315
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 2:20 a.m. | 69 views

CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

CVSS 9.6 | EPSS 0.00466
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:00 a.m. | 9 views

PT-2026-39999

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

CVSS 9.8 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 2

EUVD
added 2026/05/11 6:31 a.m. | 11 views

EUVD-2026-29034

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

CVSS 7.3 | AI score 6.3 | EPSS 0.00753
Exploits: 2 | References: 2

ATTACKERKB
added 2026/05/11 6:00 a.m. | 12 views

CVE-2026-6433

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

AI score 6.3 | EPSS 0.00753
Exploits: 2 | References: 1

Cvelist
added 2026/05/10 12:43 p.m. | 32 views

CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...

CVSS 8.8 | EPSS 0.00309
Exploits: 0 | References: 3

CNNVD
added 2026/05/10 12:00 a.m. | 10 views

CodeAstro Online Catering Ordering System Injection Vulnerability

The CodeAstro Online Catering Ordering System is an online catering ordering system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Online Catering Ordering System has a SQL injection vulnerability. This vulnerability stems from the handling of parameter IDs in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00196
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/08 1:33 p.m. | 6 views

CVE-2026-44337

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...

CVSS 6.3 | AI score 5.8 | EPSS 0.00216
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/08 12:00 a.m. | 38 views

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

EPSS 0.00241
Exploits: 1 | References: 1

Vulnrichment
added 2026/05/08 12:00 a.m. | 8 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S...

AI score 5.9 | EPSS 0.00764
Exploits: 3 | References: 1

RedHat Linux
added 2026/05/07 5:09 p.m. | 15 views

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS 8.3 | AI score 7.5 | EPSS 0.00754
Exploits: 0 | References: 7

GithubExploit
added 2026/05/07 10:01 a.m. | 34 views

Online-Hospital-Management-System-has-SQL-Injection

Online Hospital Management System has SQL Injection vulnerabil...

AI score 6.2
Exploits: 0