6 matches found

NVD
added 2026/04/30 9:16 p.m., 4 views

CVE-2026-7435

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

CVSS 8.6 | EPSS 0.00164
Exploits: 0 | References: 3

NVD
added 2026/03/20 11:18 a.m., 3 views

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...

CVSS 9.3 | EPSS 0.00045
Exploits: 1 | References: 3

Cvelist
added 2026/03/20 10:35 a.m., 21 views

CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...

CVSS 9.3 | EPSS 0.00045
Exploits: 1 | References: 3

CVE
added 2026/03/10 7:55 p.m., 5 views

CVE-2026-29174

CVE-2026-29174: Craft Commerce (Craft CMS) is vulnerable to SQL injection in the inventory levels endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated into addOrderBy() without validation, allowing an authenticated attacker with access to the Commerce Inventory sec...

CVSS 8.8 | AI score 6 | EPSS 0.00015
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/10 3:1 a.m., 1 views

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

CVSS 9.9 | AI score 6.1 | EPSS 0.00022
Exploits: 0 | References: 2

EUVD
added 2025/12/26 12:0 a.m., 2 views

EUVD-2025-205435

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...

CVSS 6.5 | AI score 7.5 | EPSS 0.00009
Exploits: 2 | References: 2