643 matches found

ATTACKERKB
added yesterday, 3 views

CVE-2026-4321

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

CVSS 9.8, AI score 6
Exploits 0, References 2
IBM Security Bulletins
added 5 days ago, 4 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...

CVSS 7.2, AI score 6, EPSS 0.0081
Exploits 1, Affected Software 1
Cvelist
added 5 days ago, 34 views

CVE-2026-13526 SourceCodester Class and Exam Timetabling System edit_class.php sql injection

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 7.5, EPSS 0.00263
Exploits 0, References 6
Cvelist
added 2026/06/26 2:52 p.m., 40 views

CVE-2026-56062 WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions...

CVSS 9.3, EPSS 0.00236
Exploits 0, References 1
Positive Technologies
added 2026/06/26 12:0 a.m., 9 views

PT-2026-52833

Name of the Vulnerable Software and Affected Versions Recipe Maker For Your Food Blog from Zip Recipes versions prior to 8.2.8 Description A SQL Injection issue exists that allows exploitation at the contributor level. SQL Injection is a technique where an attacker inserts malicious SQL code into...

CVSS 8.5, AI score 5.9, EPSS 0.00211
Exploits 0, References 3
ATTACKERKB
added 2026/06/19 5:8 p.m., 7 views

CVE-2019-25750

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

CVSS 8.8, AI score 6.3, EPSS 0.00366
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/06/19 4:28 p.m., 5 views

EUVD-2017-19000

Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with...

CVSS 8.8, AI score 6.2, EPSS 0.00237
Exploits 0, References 2
Cvelist
added 2026/06/19 2:50 p.m., 31 views

CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

CVSS 6.3, EPSS 0.00112
Exploits 0, References 1
EUVD
added 2026/06/17 2:4 p.m., 7 views

EUVD-2026-37720

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6, AI score 5.6, EPSS 0.00567
Exploits 0, References 1
NVD
added 2026/06/17 1:20 p.m., 7 views

CVE-2026-54187

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

CVSS 9.3, EPSS 0.00291
Exploits 0, References 1
Patchstack
added 2026/06/17 1:7 p.m., 9 views

WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions <= 3.11.2...

CVSS 8.5, AI score 6, EPSS 0.0027
Exploits 0, Affected Software 1
CVE
added 2026/06/12 5:34 p.m., 41 views

CVE-2026-44172

CVE-2026-44172 affects MariaDB (community fork of MySQL). In versions 3.3.18 and 3.4.8, non-validated user input escaped with mysql_real_escape_string() and sent via text protocol using the big5 character set could be exploited for SQL injection, despite the escaping attempt. The issue has been p...

CVSS 9.8, AI score 5.5, EPSS 0.00419
Exploits 0, References 10, Affected Software 1
Vulnrichment
added 2026/06/12 5:34 p.m., 20 views

CVE-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

CVSS 6.9, AI score 5.5, EPSS 0.00419
Exploits 0, References 2
CNNVD
added 2026/06/11 12:0 a.m., 20 views

WordPress plugin Product Filter by WBW SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 9.3, AI score 5.8, EPSS 0.0039
Exploits 0, References 1
CVE
added 2026/06/09 5:5 p.m., 39 views

CVE-2026-42835

Microsoft Teams for Android contains a vulnerability described as improper neutralization of special elements in output used by a downstream component ('injection'), enabling an authorized attacker to disclose information over a network. Affected software: Microsoft Teams for Android. Root cause:...

CVSS 8.1, AI score 5.4, EPSS 0.01259
Exploits 0, References 1, Affected Software 1
CNNVD
added 2026/06/09 12:0 a.m., 13 views

Nemon Trade Energy and Nemon Trade Energy CRM SQL injection vulnerability

Nemon Trade Energy and Nemon Trade Energy CRM are both products of the Spanish company Nemon. Nemon Trade Energy is a platform for managing energy retail businesses. Nemon Trade Energy CRM is a platform for managing energy customer relationships. Both Nemon Trade Energy and Nemon Trade Energy CRM...

CVSS 9.3, AI score 6.3, EPSS 0.00349
Exploits 0, References 1
EUVD
added 2026/06/08 10:45 a.m., 10 views

EUVD-2026-35043

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 6.5, AI score 6.4, EPSS 0.002
Exploits 0, References 6
CVE
added 2026/06/08 3:15 a.m., 20 views

CVE-2026-11483

The CVE-2026-11483 entry concerns SourceCodester Class and Exam Timetabling System 1.0. A SQL injection vulnerability exists in an unknown function of the file /archive4.php, triggered by manipulating the argument sy. Exploitation is possible remotely, and the exploit has been publicly released. ...

CVSS 7.5, AI score 7, EPSS 0.00275
Exploits 0, References 6
Positive Technologies
added 2026/06/08 12:0 a.m., 15 views

PT-2026-47263

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

CVSS 7.5, AI score 7, EPSS 0.00263
Exploits 0, References 7
RedhatCVE
added 2026/06/05 7:39 p.m., 8 views

CVE-2026-7128

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savetype. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has...

CVSS 7.5, AI score 7, EPSS 0.00254
Exploits 0, References 1