Lucene search
K

1987 matches found

Nuclei
Nuclei
added 12 hours ago16 views

Push Notification for Post and BuddyPress <= 1.93 - SQL Injection

Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to SQL Injection via the 'onesignalexternalid' and 'onesignalgetsubscriptionoptionsid' paramters in all versions up to, and including, 1.93 due to insufficient escaping on the user supplied parameter and lack of sufficie...

9.8CVSS6AI score0.02491EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago242 views

Wordpress Email Subscribers by Icegram Express - SQL Injection

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...

9.8CVSS7.4AI score0.80596EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 6 days ago3 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
Chainguard
Chainguard
added 6 days ago8 views

CVE-2023-45133 vulnerabilities

Vulnerabilities for packages: awx, arangodb...

9.3CVSS6.7AI score0.0052EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/15 8:59 a.m.71 views

sql_injection_exploit.sh

sqlinjectionexpl...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/14 5:30 p.m.83 views

SQLi.py

No d...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/24 1:16 a.m.77 views

Database-Exploitation-Manual

🛡️ SecDB Auditor - Database Security Compiling Suite & Manual...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in pgpool2

In Pgpool-II, there is a risk of exposing sensitive information due to incompatible policy issues. If a database user accesses the query cache, unauthorized table data may be retrieved for that user...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 8:16 p.m.7 views

CVE-2026-44221

ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an...

9CVSS0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 7:53 p.m.37 views

CVE-2026-44221 ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases

ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an...

9CVSS0.00344EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 8:38 p.m.12 views

CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

2.3CVSS5.8AI score0.00173EPSS
Exploits1References5
HackRead
HackRead
added 2026/05/04 3:8 p.m.6 views

Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities

Researchers revealed 20-year-old PostgreSQL flaws at Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.5 views

PT-2026-36206

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can cause a denial of service due to improper neutralization of special elements in data query logic. Recommendations At the moment...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/26 11:27 p.m.123 views

info-security-portfolio

Information Security Portfolio A curated collection of nine e...

10CVSS7.6AI score0.99999EPSS
Exploits351
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to execute code...

8.8CVSS5.9AI score0.00706EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 7:30 p.m.2 views

GHSA-59XV-588H-2VMM @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

6AI score
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Sequelize SQL注入漏洞

Sequelize is an open-source database ORM Object-Relational Mapping tool for Node.js. Versions of Sequelize prior to 6.37.8 had a SQL injection vulnerability. This vulnerability stemmed from type conversion that wasn’t properly escaped during the handling of JSON/JSONB WHERE clauses, which could...

7.5CVSS5.8AI score0.00422EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/03/09 1:49 p.m.3 views

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.01079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/09 1:49 p.m.2 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.11 views

Web Ofisi E-Ticaret SQL注入漏洞

Web Ofisi E-Ticaret is an e-commerce system developed by the Turkish company Web Ofisi. The Web Ofisi E-Ticaret v5 version has a SQL injection vulnerability, which stems from insufficient input validation for the q parameter. This vulnerability may lead to SQL injection attacks...

8.8CVSS5.8AI score0.00363EPSS
Exploits1References4
Rows per page
Query Builder