Lucene search
K

129 matches found

EUVD
EUVD
added 2026/04/12 3:30 p.m.3 views

EUVD-2019-20137

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

7.1CVSS6.2AI score0.00269EPSS
Exploits1References5
NVD
NVD
added 2026/04/12 1:16 p.m.4 views

CVE-2019-25707

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

7.1CVSS0.00269EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/26 7:6 p.m.23 views

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

8.7CVSS0.00446EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.11 views

Tandoor Recipes SQL注入漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from the Recipe API endpoint exposing a hidden debug query...

8.7CVSS5.9AI score0.00446EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/06 3:31 p.m.5 views

EUVD-2018-21627

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00293EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 1:15 p.m.5 views

CVE-2018-25171

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...

8.8CVSS0.00281EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 1:15 p.m.9 views

CVE-2018-25172

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

8.8CVSS0.00293EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 1:15 p.m.6 views

CVE-2018-25163

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to...

8.8CVSS0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.4 views

CVE-2018-25199 OOP CMS BLOG 1.0 SQL Injection via search parameter

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id...

8.8CVSS6.1AI score0.0036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25173

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.2 views

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.6 views

CVE-2025-1726

There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...

4.3CVSS6.9AI score0.00379EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-202290

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...

7.6AI score0.00343EPSS
Exploits1References2
OSV
OSV
added 2025/11/10 9:40 p.m.6 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

6.9CVSS6.6AI score0.00372EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/24 12:0 a.m.6 views

pgcodekeeper 安全漏洞

pgCodeKeeper is an open source Eclipse plugin for database schema management from pgCodeKeeper. A security vulnerability exists in pgcodekeeper version 10.12.0, which stems from storing passwords and usernames in clear text and could lead to the disclosure of sensitive information...

6.2CVSS6.3AI score0.00126EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-18832

Malware in sbrugna...

8CVSS7.8AI score0.02013EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-4903

Malware in sbrugna...

9.8CVSS9.2AI score0.01211EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-3605

Malware in sbrugna...

5CVSS6.4AI score0.01175EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-24807

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00519EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-5287

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00379EPSS
Exploits0References3
Rows per page
Query Builder