Lucene search
K

82956 matches found

Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-62422

In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS
Exploits0References1
CVE
CVE
added 6 hours ago17 views

CVE-2026-62422

CVE-2026-62422 affects JetBrains YouTrack, with authentication bypass via direct database access that enables administrative access. Affects: YouTrack builds listed in the entry (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The entry does not pr...

10CVSS6.1AI score
Exploits0References1
NVD
NVD
added 6 hours ago5 views

CVE-2026-15043

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

9.8CVSS
Exploits0References4
CVE
CVE
added 7 hours ago10 views

CVE-2026-15043

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

9.8CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added 8 hours ago5 views

CVE-2026-15183 Input Validation Vulnerabilities in Snowflake Spark Connector

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS
Exploits0References1
Nuclei
Nuclei
added 10 hours ago40 views

REST API TO MiniProgram <= 4.7.1 - SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS6.1AI score0.03792EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago52 views

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

9.4CVSS6.1AI score0.39797EPSS
Exploits6References5
Nuclei
Nuclei
added 10 hours ago60 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

6.1CVSS6.4AI score0.09044EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago66 views

74cms - ajax_street.php 'x' SQL Injection

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. id: CVE-2020-22208 info: name: 74cms - ajaxstreet.php 'x' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. impact: | Successful...

9.8CVSS6.8AI score0.09743EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago54 views

Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion

Joomla! Omilen Photo Gallery comomphotogallery component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. id: CVE-2009-4202 info: name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion...

7.5CVSS6.3AI score0.08109EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago25 views

Joomla! Component WMI 1.5.0 - Local File Inclusion

A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface aka WMI or comwmi component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1607 info: name: Joomla!...

6.8CVSS6.3AI score0.08177EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago71 views

LearnPress < 4.2.7.1 - SQL Injection

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS7AI score0.63134EPSS
Exploits6References2
Nuclei
Nuclei
added 10 hours ago95 views

Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS7.1AI score0.90067EPSS
Exploits5References4
Nuclei
Nuclei
added 10 hours ago6 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by empty adminapikey in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

9.8CVSS6.1AI score0.03016EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6.1AI score0.01473EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago41 views

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

7.5CVSS7.1AI score0.01961EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago60 views

WatchGuard Fireware AD Helper Component - Credentials Disclosure

WatchGuard Fireware Threat Detection and Response TDR service contains a credential-disclosure vulnerability in the AD Helper component that allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. id: CVE-2020-10532 info: name: WatchGuard Fireware ...

7.5CVSS7AI score0.02762EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago24 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.8AI score0.01195EPSS
Exploits0References4
Nuclei
Nuclei
added 10 hours ago58 views

AeroCMS 0.1.1 - SQL Injection

AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input. id: CVE-2022-38812 info: name: AeroCMS 0.1.1 - SQL Injection author: shivampand3y severity: medium description: | AeroCMS 0.1.1...

6.5CVSS6.8AI score0.02181EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago12 views

ThemeGrill Demo Importer < 1.6.2 - Database Reset

ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a resetwizardactions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state...

9.1CVSS7.1AI score0.03429EPSS
Exploits1References2
Rows per page
Query Builder