Lucene search
K

616 matches found

NVD
NVD
added 2026/06/19 6:16 p.m.10 views

CVE-2019-25756

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:28 p.m.6 views

EUVD-2019-20192

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:28 p.m.11 views

CVE-2019-25756

CVE-2019-25756 affects Joomla! Component vAccount 2.0.2. The vulnerability is an SQL injection in the vaccount-dashboard/expense endpoint, where an unauthenticated attacker can inject payloads via the vid parameter to perform arbitrary SQL queries and exfiltrate sensitive data such as database ve...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:28 p.m.16 views

CVE-2019-25756 Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS0.00366EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 4:32 p.m.8 views

gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense

Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense The gmaps-mcp codebase was reviewed at commit e671db68c804c9e67d51582d3280839ffa65f127 and three issues worth flagging were discovered — one high-severity, one medium, one structural. There were no...

5.9AI score
Exploits0References4Affected Software1
Fedora
Fedora
added 2026/04/25 1:55 a.m.6 views

[SECURITY] Fedora 44 Update: skrooge-26.1.20-3.fc44

skrooge is a personal finances manager, aiming at being simple and intuitive. It allows you to keep track of your expenses and incomes, categorize them, and build reports of them...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.5 views

CVE-2026-6193

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 6:30 p.m.8 views

EUVD-2026-22032

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/13 5:0 p.m.5 views

CVE-2026-6193

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/13 5:0 p.m.23 views

CVE-2026-6193 PHPGurukul Daily Expense Tracking System register.php sql injection

A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may...

7.5CVSS0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.5 views

PHPGurukul Daily Expense Tracking System SQL注入漏洞

The PHPGurukul Daily Expense Tracking System is a system for tracking daily expenses developed by PHPGurukul. Version 1.1 of the PHPGurukul Daily Expense Tracking System contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “email” in the file...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19766

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2026/03/12 3:36 p.m.8 views

CVE-2019-25473

CVE-2019-25473 affects Clinic Pro via SQL injection on the monthly_expense_overview endpoint, exploitable by authenticated users through the month parameter. Root cause: improper input handling enabling boolean/time-based/error-based SQL injection. Impact: confidentiality impact HIGH; integrity L...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.4 views

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.25 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24963

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly expense overview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2026/02/08 12:16 a.m.6 views

CVE-2026-2116

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

9.8CVSS0.00381EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/07 11:2 p.m.6 views

CVE-2026-2116

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

7.5CVSS7.2AI score0.00381EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder