Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

82391 matches found

EUVD
EUVDadded 2026/03/16 7:13 p.m.5 views

EUVD-2026-12492

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.3CVSS6.1AI score0.00329EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/03/16 6:47 p.m.6 views

SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

Summary POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2026/03/16 6:47 p.m.3 views

GHSA-RJHH-M223-9QQV SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes

Summary POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their content as SiYuan note documents in the workspace database, making them...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/03/16 3:30 p.m.27 views

CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions TRUE or FALSE into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the...

9.8CVSS0.00281EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/16 3:30 p.m.3 views

EUVD-2025-208741

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS6AI score0.00147EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/16 3:30 p.m.2 views

EUVD-2026-12421

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...

7.5CVSS6.9AI score0.00278EPSS
Exploits0References9
EUVD
EUVDadded 2026/03/16 3:30 p.m.1 views

EUVD-2026-12220

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/16 3:30 p.m.4 views

EUVD-2025-208720

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS6AI score0.00225EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/16 3:30 p.m.6 views

EUVD-2015-9421

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

8.8CVSS6AI score0.00417EPSS
Exploits1References4
EUVD
EUVDadded 2026/03/16 3:17 p.m.8 views

EUVD-2026-12480

Authlib Vulnerable to JWE RSA15 Bleichenbacher Padding Oracle...

8.3CVSS5.8AI score0.00142EPSS
Exploits1References3
NVD
NVDadded 2026/03/16 3:16 p.m.2 views

CVE-2025-52646

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

5.3CVSS0.00147EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/16 2:42 p.m.20 views

CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/16 2:42 p.m.3 views

CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2CVSS6AI score0.00147EPSS
Exploits0References1
NVD
NVDadded 2026/03/16 2:19 p.m.3 views

CVE-2026-4173

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS0.00242EPSS
Exploits0References4
NVD
NVDadded 2026/03/16 2:19 p.m.6 views

CVE-2026-32704

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...

6.5CVSS0.00246EPSS
Exploits1References1
NVD
NVDadded 2026/03/16 2:17 p.m.4 views

CVE-2015-20120

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

9.8CVSS0.00417EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/03/16 2:2 p.m.3 views

CVE-2026-4241 itsourcecode College Management System time-table.php sql injection

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument coursecode leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/16 2:2 p.m.23 views

CVE-2026-4241 itsourcecode College Management System time-table.php sql injection

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument coursecode leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

6.5CVSS0.00192EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/16 12:27 p.m.22 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/16 12:27 p.m.3 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5CVSS6AI score0.00225EPSS
Exploits0References1
Rows per page
Query Builder