Lucene search

82466 matches found

Snyk
added 2026/02/06 3:31 p.m. | 2 views

Improper Output Neutralization for Logs

Overview: org.neo4j:neo4j is a graph database management system developed by Neo4j, Inc. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs due to insufficient escaping of unicode characters in query.log output. A user can inject a malicious log...

CVSS 5.4 | AI score 5.5 | EPSS 0.00207
Exploits: 2 | References: 2
RedhatCVE
added 2026/02/06 1:30 p.m. | 6 views

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | AI score 5.7 | EPSS 0.00351
Exploits: 0 | References: 1
EUVD
added 2026/02/06 12:2 p.m. | 8 views

EUVD-2026-5688

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 7.2 | EPSS 0.00326
Exploits: 1 | References: 5
Vulnrichment
added 2026/02/06 9:32 a.m. | 4 views

CVE-2026-2013 itsourcecode Student Management System index.php SQL injection

A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might be used...

CVSS 7.5 | AI score 5.4 | EPSS 0.00416
Exploits: 1 | References: 5
NVD
added 2026/02/06 9:15 a.m. | 8 views

CVE-2026-2012

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been publicly...

CVSS 9.8 | EPSS 0.00326
Exploits: 1 | References: 5
Cvelist
added 2026/02/06 8:24 a.m. | 355 views

CVE-2026-21643

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 9.8 | EPSS 0.94085
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/06 12:0 a.m. | 8 views

PT-2026-6769

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier. Description: OpenSTAManager is susceptible to an authenticated SQL injection issue within the Scadenzario Payment Schedule print template. Any authenticated user can exploit this to extract sensitive da...

CVSS 8.7 | AI score 5.6 | EPSS 0.00354
Exploits: 3 | References: 7
CNNVD
added 2026/02/06 12:0 a.m. | 7 views

itsourcecode School Management System SQL injection vulnerability

itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with parameter IDs in the file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00326
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6724

Name of the Vulnerable Software and Affected Versions: Neo4j versions prior to 2026.01. Description: A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting (XSS) if logs are opened in a tool that interprets them as HTML. The issue is present in bo...

CVSS 5.4 | AI score 5 | EPSS 0.00207
Exploits: 2 | References: 6
Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6799

Name of the Vulnerable Software and Affected Versions: Agentspace versions prior to December 12th, 2025. Description: The Agentspace service had a flaw that led to the exposure of sensitive information. This was due to the use of predictable Google Cloud Storage bucket names for error logs and...

CVSS 9.1 | AI score 5.5 | EPSS 0.00253
Exploits: 0 | References: 8
Positive Technologies
added 2026/02/06 12:0 a.m. | 8 views

PT-2026-6705

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...

CVSS 9.8 | AI score 5.7 | EPSS 0.00326
Exploits: 1 | References: 9
CNNVD
added 2026/02/06 12:0 a.m. | 6 views

FUXA security vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contain security vulnerabilities. These vulnerabilities stem from information leaks, which may lead to the retrieval of sensitive management database credentials...

CVSS 9.1 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/06 12:0 a.m. | 9 views

PT-2026-6732

Name of the Vulnerable Software and Affected Versions: Infor SyteLine ERP (affected versions not specified). Description: The software utilizes hard-coded, static cryptographic keys for encrypting stored credentials, including user passwords, database connection strings, and API keys. These encryption...

CVSS 7.8 | AI score 5.5 | EPSS 0.00097
Exploits: 1 | References: 10
Positive Technologies
added 2026/02/06 12:0 a.m. | 3 views

PT-2026-6768

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier. Description: OpenSTAManager is susceptible to a SQL Injection issue within the ajax select.php endpoint when processing the componenti operation. An authenticated attacker can inject malicious SQL code...

CVSS 8.7 | AI score 6 | EPSS 0.00423
Exploits: 3 | References: 7
Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6851

Summary: Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...

CVSS 8.7 | AI score 6.4
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6737

Name of the Vulnerable Software and Affected Versions: html5 snmp version 1.11. Description: The software contains multiple SQL injection flaws that allow manipulation of database queries. Attackers can leverage the Router ID and Router IP parameters to exploit error-based, time-based, and union-bas...

CVSS 9.1 | AI score 5.9 | EPSS 0.0037
Exploits: 1 | References: 5
CNNVD
added 2026/02/06 12:0 a.m. | 12 views

itsourcecode Student Management System SQL injection vulnerability

itsourcecode Student Management System is an open-source student management system developed by itsourcecode. Version 1.0 of the itsourcecode Student Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00416
Exploits: 1 | References: 5
CNNVD
added 2026/02/06 12:0 a.m. | 7 views

AhadPOS SQL injection vulnerability

AhadPOS is a web-based point-of-sale software developed by RIMbalinux’s individual developers. Version 1.11 of AhadPOS contains an SQL injection vulnerability, which stems from the alamatCustomer parameter being susceptible to SQL injections. This vulnerability could allow attackers to extract...

CVSS 7.1 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6867

Summary: A SQL Injection vulnerability exists in the ajax select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the optionsmatricola parameter. Proof of Concept: Vulnerable Code File: modules/impianti/ajax/select.php:122-124 php...

CVSS 8.7 | AI score 6
Exploits: 0 | References: 3
CNNVD
added 2026/02/06 12:0 a.m. | 6 views

Payload SQL injection vulnerability

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.73.0 have a SQL injection vulnerability. This vulnerability occurs when querying JSON or richText fields, where user input is directly embedded into SQL without...

CVSS 9.8 | AI score 5.9 | EPSS 0.00453
Exploits: 0 | References: 2