Lucene search
K

1165 matches found

NVD
NVD
added 12 hours ago4 views

CVE-2026-57773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-58493

CVE-2026-58493 affects grav-plugin-database (Grav CMS) prior to 1.2.0. The plugin builds PDO DSN strings by concatenating user-configurable YAML values (host, dbname, charset, server, database, directory, filename) without sanitization, enabling an administrator with plugin config access to injec...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References3
NVD
NVD
added 5 days ago10 views

CVE-2026-39179

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

6.3CVSS0.00157EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-12936

The CVE-2026-12936 relates to the Recurio – Ultimate Subscription for WooCommerce WordPress plugin. It describes a generic SQL Injection via the 'data' parameter in all versions up to and including 1.1.3 , caused by insufficient escaping and inadequate query preparation. With shop manager-level a...

4.9CVSS6AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 5 days ago12 views

CVE-2026-9701

The CVE-2026-9701 entry concerns the WordPress Eventer plugin (up to version 4.4.2) with an insecure password reset mechanism. The root cause is that the plugin stores a plaintext password reset key in the eventer_verification_code (wp_usermeta) when a reset is requested, allowing an attacker to ...

9.8CVSS6AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 8:39 p.m.5 views

SQL Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to SQL Injection through the SQLChatAgent process. An attacker can access arbitrary files on the server by crafting SQL queries that bypass the regex-based blocklist using quoted...

9.8CVSS6.2AI score0.00646EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.4 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 7:45 p.m.7 views

EUVD-2026-41777

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 7:16 p.m.8 views

CVE-2026-14766

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 9:45 p.m.9 views

CVE-2026-14657

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.12 views

PT-2026-55728

Name of the Vulnerable Software and Affected Versions code-projects Online Voting System version 1.0 Description A remote SQL injection is possible through the manipulation of the voterName, voterEmail, voterID, or selectedCandidate variables within the test input function of the '/saveVote.php'...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/01 4:15 p.m.8 views

EUVD-2026-41062

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translatetext.php line 15: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.5 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2026-39783

Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51575

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description When using the configparser module to write configuration files containing multi-line text values with carriage return characters r, the resulting file could be injected with unexpected keys a...

4.1CVSS5.7AI score0.00128EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/19 5:15 p.m.17 views

CVE-2019-25752 Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS0.00366EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.14 views

CVE-2026-40771

CVE-2026-40771 affects the WordPress Contest Gallery plugin and is an unauthenticated SQL Injection vulnerability in versions

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/15 8:59 a.m.79 views

sql_injection_exploit.sh

sqlinjectionexpl...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 1:11 p.m.79 views

-Web-Attack-Detection-Lab

!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...

5.8AI score
Exploits0
Rows per page
Query Builder