Lucene search
K

77 matches found

CVE
CVE
added 2026/02/24 2:50 a.m.45 views

CVE-2026-27461

Summary : Pimcore pre-12.3.3 exposes a SQL-like injection in the dependency listing filter. In versions up to 11.5.14.1 and 12.3.2, the filter query parameter is JSON-decoded and the value is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Impact : With adm...

6.9CVSS5.4AI score0.00457EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 3:1 a.m.2 views

CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

9.9CVSS6.1AI score0.0049EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 6:16 p.m.8 views

CVE-2020-37116

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS5.8AI score0.00415EPSS
Exploits1References4
NVD
NVD
added 2026/02/02 11:16 p.m.15 views

CVE-2026-25137

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

9.1CVSS0.09528EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/26 3:10 p.m.14 views

CVE-2026-24139

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

8.7CVSS5.9AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 12:15 a.m.10 views

CVE-2026-24139

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

8.7CVSS0.00317EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/23 11:55 p.m.4 views

CVE-2026-24139

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

8.7CVSS5.9AI score0.00317EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/13 10:56 p.m.25 views

CVE-2023-54333 Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the projectid parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

8.8CVSS0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/26 12:0 a.m.10 views

EUVD-2025-205435

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...

6.5CVSS7.5AI score0.00259EPSS
Exploits2References2
CNVD
CNVD
added 2025/12/25 12:0 a.m.3 views

ChurchCRM Event Participant Editor SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the event participant editor. An attacker can exploit the vulnerability to cause a full database disclosure and...

9.6CVSS6AI score0.00371EPSS
Exploits1References1
CVE
CVE
added 2025/11/14 12:0 a.m.17 views

CVE-2025-63891

The vulnerability CVE-2025-63891 affects SourceCodester’s Simple Online Book Store System. A remote, unauthenticated attacker can disclose the full database contents (including schema and credential hashes) by accessing a web‑accessible backup file via an unauthenticated HTTP GET to /obs/database...

7.5CVSS6.2AI score0.00401EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.8 views

PT-2025-44587

Name of the Vulnerable Software and Affected Versions Abis Technology BAPSIS versions prior to 202510271606 Description An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' issue exists in Abis Technology BAPSIS, allowing for Blind SQL Injection. This allows...

9.8CVSS7.4AI score0.00339EPSS
Exploits0References8
Hacker One
Hacker One
added 2025/10/22 9:18 p.m.18 views

Revive Adserver: Error-Based & Time-Based SQL Injection in 'keyword' Parameter of admin-search.php Allowing Full Database Access in Revive Adserver v6.0.0

==Cricetinae== Summary: A critical SQL Injection vulnerability has been identified in Revive Adserver's administrative search functionality, specifically in the admin-search.php file. The vulnerability exists in the handling of the keyword GET parameter, which is passed to multiple database queri...

8.8CVSS9.1AI score0.00931EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-5887

Malicious code in bioql PyPI...

7.2CVSS8.7AI score0.00544EPSS
Exploits0References9
OSV
OSV
added 2025/10/01 12:0 a.m.5 views

CVE-2025-52042

In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...

8.2CVSS7.4AI score0.00305EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.6 views

PT-2025-38610

Name of the Vulnerable Software and Affected Versions Vasion Print Virtual Appliance Host versions prior to 22.0.843 Vasion Print Application versions prior to 20.0.1923 Description Vasion Print contains dangerous PHP dead code in multiple Docker-hosted PHP instances. A script located at...

9.3CVSS8.6AI score0.01322EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/09/06 8:4 p.m.2 views

CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...

9.9CVSS7AI score0.17647EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2025/09/06 2:36 a.m.258 views

Exploit for CVE-2025-58443

CVE-2025-58443 exploit POC for https://github.com/FOGProject/...

7.3AI score0.17647EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2025/01/20 12:0 a.m.10 views

PT-2025-4856 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.10 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the...

10CVSS8.7AI score0.00579EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.8 views

PT-2024-39144 · Unknown · Alisonic Sibylla

Name of the Vulnerable Software and Affected Versions: Alisonic Sibylla affected versions not specified Description: The issue concerns SQL injection attacks, which could allow complete access to the database. Attackers can remotely compromise databases. There is no information provided about the...

9.8CVSS8AI score0.00561EPSS
Exploits0References9
Rows per page
Query Builder