Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

80324 matches found

Vulnrichment
Vulnrichmentadded 2026/05/27 7:55 a.m.7 views

CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00039EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 7:55 a.m.7 views

CVE-2026-40833

CVE-2026-40833 describes an unauthenticated SQL Injection in the saveDashboardLayout function of dash.php, allowing a low-privileged, remote attacker to read the entire database and insert data into a non-critical table. The issue arises from improper neutralization of user-supplied elements in a...

7.1CVSS6AI score0.00039EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 7:55 a.m.6 views

EUVD-2026-32132

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:55 a.m.5 views

CVE-2026-40833

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00039EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichmentadded 2026/05/27 7:55 a.m.6 views

CVE-2026-8054 Unauthenticated SQL Injection in dotCMS Publish Audit API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.00458EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:55 a.m.3 views

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.00458EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/27 7:54 a.m.24 views

CVE-2026-40831 Authenticated SQLi in Easy View

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00039EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 7:54 a.m.23 views

CVE-2026-40830 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS0.00043EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 7:54 a.m.9 views

CVE-2026-40830

CVE-2026-40830 describes an unauthenticated SQL Injection in the admin.mbnetj.php file’s UpdateParam function, enabling a high-privilege remote attacker to read the entire database and alter values in a non-critical table. Impact includes total confidentiality loss and some integrity loss; no ava...

7CVSS6AI score0.00043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:54 a.m.4 views

CVE-2026-40830

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichmentadded 2026/05/27 7:54 a.m.5 views

CVE-2026-40830 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 7:54 a.m.6 views

EUVD-2026-32159

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:53 a.m.10 views

CVE-2026-40829

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichmentadded 2026/05/27 7:53 a.m.4 views

CVE-2026-40829 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 7:53 a.m.6 views

EUVD-2026-32158

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 7:53 a.m.9 views

CVE-2026-40829

CVE-2026-40829 describes an unauthenticated SQL Injection in the view.html.php UpdateParam function, exploitable by a high-privilege remote attacker. It can read the entire database and alter values in a non-critical table, leading to total confidentiality loss and some integrity loss. The connec...

7CVSS6AI score0.00043EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 7:53 a.m.8 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00043EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 7:53 a.m.4 views

EUVD-2026-32157

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00043EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 7:53 a.m.23 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS0.00043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:53 a.m.7 views

CVE-2026-40828

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00043EPSS
Exploits0References2Affected Software4
Rows per page
Query Builder