Lucene search
K

9783 matches found

Cvelist
Cvelist
added 2026/05/12 5:45 p.m.36 views

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

6.5CVSS0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 4:54 p.m.29 views

CVE-2025-53681

An improper neutralization of special elements used in an SQL Command "SQL Injection&" vulnerability CWE-89 vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized cod...

7.2CVSS0.00359EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:18 p.m.7 views

CVE-2026-32687

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.5CVSS6AI score0.00198EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.11 views

CVE-2026-27851

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 12:32 p.m.32 views

EUVD-2026-29456

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 12:32 p.m.8 views

EUVD-2026-29450

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 11:2 a.m.28 views

CVE-2026-45214

CVE-2026-45214 : SQL injection vulnerability in the WordPress plugin “Xpro Elementor Addons” (xpro-elementor-addons) up to version

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:2 a.m.7 views

CVE-2026-45211 WordPress APIExperts Square for WooCommerce plugin <= 4.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42742 WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 11:2 a.m.40 views

CVE-2026-45213 WordPress BEAR plugin <= 1.1.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

7.6CVSS0.00226EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/12 9:51 a.m.9 views

WordPress Custom CSS JS PHP plugin <= 2.0.7 - Unauthenticated SQL Injection to RCE vulnerability

Unauthenticated SQL Injection to RCE vulnerability discovered by John Umoru in WordPress Plugin Custom css-js-php versions = 2.0.7...

7.3CVSS5.9AI score0.00753EPSS
Exploits2References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:31 a.m.7 views

CVE-2025-6577

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS5.8AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 a.m.32 views

EUVD-2026-29389

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References20
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:20 a.m.8 views

CVE-2026-40131

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 2:20 a.m.14 views

CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS5.9AI score0.00466EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin BEAR SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/11 6:58 p.m.13 views

SQL Injection

SiYuan is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied SQL statements in the /api/search/fullTextSearchBlock endpoint without authorization or validation checks, which allows an attacker to execute arbitrary SQL commands against the database...

9.8CVSS6.8AI score0.00541EPSS
Exploits1References6Affected Software2
EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29115

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

5.9AI score0.00495EPSS
Exploits1References4
NVD
NVD
added 2026/05/11 4:17 p.m.14 views

CVE-2026-6093

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...

6CVSS0.00211EPSS
Exploits0References2
Rows per page
Query Builder