EUVD-2026-29948

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

EUVD-2025-209821

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

EUVD-2026-29896

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

CVE-2020-37226

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

CVE-2020-37224

Technical details (affected product/version, root cause, impact, or remediation) are not publicly available in the provided documents. Monitor for updates from the sources for any new information or confirmed fixes.

CVE-2020-37224 Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

CVE-2020-37224 Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

CVE-2020-37218

Joomla comhdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...

CVE-2020-37218 Joomla com_hdwplayer 4.2 SQL Injection via search.php

Joomla comhdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

EUVD-2026-29953

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

unverified_exploits

Unverified Exploits - Rule-Based Exploit Generation & Testing...

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...

CVE-2026-8401

creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...

CVE-2026-8388

creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...

CVE-2026-8391

creationtimestamp| type| source ---|---|--- 2026-05-13 06:28:15+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-per-mozilla-firefox 2026-05-13 06:44:38+00:00| seen| https://vulnerability.circl.lu/bundle/eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f 2026-05-19 20:00:00+00:00| seen|...

CVE-2025-11159

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

CVE-2025-11159

Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.