Lucene search
K

83094 matches found

CVE
CVE
added 2 hours ago6 views

CVE-2026-46459

ICU Scandinavia Boomerang is affected by a missing authentication vulnerability in its device receiver endpoints. An unauthenticated remote attacker can read full facility configurations and write unauthorized data to the sensor database. The issue is mitigated by upgrading to version 2.4.18.029....

5.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added 5 hours ago5 views

CVE-2026-57821

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS
Exploits0References3
NVD
NVD
added 6 hours ago3 views

CVE-2026-57832

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS
Exploits0References2
CVE
CVE
added 8 hours ago9 views

CVE-2026-15804

The CVE-2026-15804 entry concerns MetaGuru’s HCM Product with a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands through specific parameters, compromising database confidentiality, integrity, and availability. The connected records confirm affected component as ...

8.8CVSS6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 8 hours ago5 views

CVE-2026-15804

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-44598

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 9 hours ago8 views

CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

Exploits0References1
EUVD
EUVD
added 9 hours ago9 views

EUVD-2026-44595

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

8.6CVSS6.2AI score
Exploits0References1
CVE
CVE
added 9 hours ago10 views

CVE-2026-12512

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

8.6CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added 11 hours ago250 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.1AI score0.78812EPSS
Exploits7References4
Nuclei
Nuclei
added 11 hours ago54 views

Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion

Joomla! Omilen Photo Gallery comomphotogallery component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. id: CVE-2009-4202 info: name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion...

7.5CVSS6.3AI score0.08109EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago60 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

6.1CVSS6.4AI score0.09044EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago121 views

Piwigo 13.7.0 - SQL Injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

9.8CVSS7.2AI score0.97405EPSS
Exploits21References5
Nuclei
Nuclei
added 11 hours ago50 views

Membership Database <= 1.0 - Cross-Site Scripting

Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...

6.1CVSS6.8AI score0.0085EPSS
Exploits2References3
Nuclei
Nuclei
added 11 hours ago66 views

74cms - ajax_street.php 'x' SQL Injection

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. id: CVE-2020-22208 info: name: 74cms - ajaxstreet.php 'x' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. impact: | Successful...

9.8CVSS6.8AI score0.09743EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago255 views

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder = 2.4.4 - SQL Injection...

9.8CVSS7AI score0.10814EPSS
Exploits3References3
Nuclei
Nuclei
added 11 hours ago164 views

Nacos <1.4.1 - Authentication Bypass

Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...

8.6CVSS7AI score0.64697EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago115 views

Dolibarr Unauthenticated Contacts Database Theft

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. id: CVE-2023-33568 info: name: Dolibarr Unauthenticated Contacts Database Theft...

7.5CVSS7AI score0.1494EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago204 views

XWiki < 4.10.20 - Remote code execution

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a close...

10CVSS7.3AI score0.3428EPSS
Exploits4References3
Nuclei
Nuclei
added 11 hours ago104 views

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...

8.8CVSS7.1AI score0.05141EPSS
Exploits3References5
Rows per page
Query Builder