Lucene search
K

484 matches found

Veracode
Veracode
added 2026/03/18 4:23 p.m.28 views

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied input from the $REQUEST'query' parameter without sanitization or parameterization, which allows an attacker to execute arbitrary SQL commands and compromise the database...

6.5CVSS6.3AI score0.00233EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/03/17 7:51 p.m.6 views

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the display parameter in API requests, which allows an attacker to execute arbitrary SQL queries and compromise the database...

8.8CVSS6.1AI score0.00323EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.7 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...

6AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/13 9:31 p.m.7 views

EUVD-2025-208665

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...

6.5CVSS5.9AI score0.00314EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 7:55 p.m.35 views

CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

8.7CVSS0.00436EPSS
Exploits1References3
CVE
CVE
added 2026/03/10 7:55 p.m.39 views

CVE-2026-29174

CVE-2026-29174 : Craft Commerce (Craft CMS) is vulnerable to SQL injection in the inventory levels endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated into addOrderBy() without validation, allowing an authenticated attacker with access to the Commerce Inventory sec...

8.8CVSS6AI score0.00436EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 7:55 p.m.3 views

CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

8.7CVSS6AI score0.00436EPSS
Exploits1References3
OSV
OSV
added 2026/03/10 7:55 p.m.4 views

CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

8.7CVSS6AI score0.00436EPSS
Exploits1References5
OSV
OSV
added 2026/03/10 6:23 p.m.4 views

GHSA-PMGJ-GMM4-JH6J Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting

Summary Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or sanitization. An authenticated attacker with access to the Commerce...

8.7CVSS6AI score0.00436EPSS
Exploits1References5
NVD
NVD
added 2026/02/25 7:43 p.m.5 views

CVE-2026-23627

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

8.8CVSS0.00779EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 5:39 p.m.5 views

EUVD-2026-8700

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

8.7CVSS6.6AI score0.00779EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 5:39 p.m.23 views

CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

8.7CVSS0.00779EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 5:39 p.m.4 views

CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

8.7CVSS6.4AI score0.00779EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 5:39 p.m.7 views

CVE-2026-23627

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

8.8CVSS6.4AI score0.00779EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/25 5:39 p.m.5 views

CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

8.7CVSS6.7AI score0.00779EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.6 views

PT-2026-7888

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

9.3CVSS5.4AI score0.00191EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.5 views

CVE-2026-0488

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

9.9CVSS6.1AI score0.0049EPSS
Exploits0References1
OSV
OSV
added 2026/02/10 4:16 a.m.7 views

CVE-2026-0488

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

9.9CVSS6AI score0.0049EPSS
Exploits0References2
NVD
NVD
added 2026/02/10 4:16 a.m.17 views

CVE-2026-0488

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

9.9CVSS0.0049EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 3:1 a.m.2 views

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

9.9CVSS6.1AI score0.0049EPSS
Exploits0References2
Rows per page
Query Builder