Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

82159 matches found

Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.6 views

PT-2026-44878

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form post.php endpoint with crafted SQL payloads to extrac...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.5 views

PT-2026-44872

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release id parameter of boards buttons/update release.php. The release id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.4 views

PT-2026-44864

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.6 views

PT-2026-44882

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket id parameter. Attackers can send GET requests to add facnote.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.6 views

PT-2026-45006

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

7.1CVSS5.8AI score0.00017EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.8 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the id parameter, which may allow attackers to manipulate...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
Packet Storm
Packet Stormadded 2026/05/29 12:0 a.m.40 views

📄 OpenCATS 0.9.7.4 SQL Injection

OpenCATS version 0.9.7.4 suffers from a remote SQL injection vulnerability. Exploit Title: OpenCATS 0.9.7.4 - SQL Injection Exploit Author: Gabriel Rodrigues TEXUGO from HAKAI Vendor Homepage: https://www.opencats.org Software Link: https://github.com/opencats/OpenCATS Version: 1 else...

5.9AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.12 views

PT-2026-44860

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References5
OSV
OSVadded 2026/05/28 10:39 p.m.7 views

GHSA-C3PX-H233-H6FQ Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives

Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...

7.7CVSS6AI score0.0046EPSS
Exploits0References4
NVD
NVDadded 2026/05/28 10:17 p.m.9 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS0.00456EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 9:16 p.m.11 views

CVE-2026-46833

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attac...

9CVSS0.00328EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 9:16 p.m.6 views

CVE-2026-46835

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS0.00273EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 9:16 p.m.11 views

CVE-2026-46834

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS0.00273EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/28 8:41 p.m.9 views

CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS6AI score0.00456EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:41 p.m.7 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

6AI score0.00456EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/28 8:41 p.m.10 views

EUVD-2026-33054

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS6AI score0.00456EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:20 p.m.6 views

CVE-2026-45288

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

9.8CVSS6AI score0.00375EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/28 8:17 p.m.10 views

EUVD-2026-33013

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attac...

9CVSS5.8AI score0.00328EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/28 8:17 p.m.9 views

EUVD-2026-33014

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/28 8:17 p.m.7 views

EUVD-2026-33015

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References1
Rows per page
Query Builder