1152 matches found

RedhatCVE
added 2026/02/27 7:44 p.m. | 7 views

CVE-2026-1198

SIMPLE.ERP is vulnerable to SQL Injection in the search functionality of the "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious database query that will be executed. This issue was fixed in [email protected]...

CVSS 8.6 | AI score 6 | EPSS 0.00307
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/26 11:27 a.m. | 7 views

CVE-2026-1198 SQL Injection in SIMPLE.ERP

SIMPLE.ERP is vulnerable to SQL Injection in the search functionality of the "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious database query that will be executed. This issue was fixed in [email protected]...

CVSS 8.6 | AI score 5.8 | EPSS 0.00307
Exploits: 0 | References: 2

CNNVD
added 2026/02/26 12:0 a.m. | 9 views

koa input validation error vulnerability

Koa.js is an open-source project developed by Koa.js, which uses Node.js as an expressive middleware. Versions of Koa prior to 3.1.2 and 2.16.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper parsing of the HTTP Host header, which could lead ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00334
Exploits: 1 | References: 3

NVD
added 2026/02/25 6:16 a.m. | 9 views

CVE-2026-3152

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

CVSS 9.8 | EPSS 0.00379
Exploits: 1 | References: 5

ATTACKERKB
added 2026/02/25 12:2 a.m. | 4 views

CVE-2026-3135

A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

CVSS 9.8 | AI score 5.4 | EPSS 0.00333
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/02/25 12:0 a.m. | 10 views

PT-2026-21877

Name of the Vulnerable Software and Affected Versions: itsourcecode News Portal Project version 1.0. Description: A SQL injection issue exists due to the improper handling of the pagetitle argument in the processing of the /admin/contactus.php file. This allows for remote attacks. The exploit has be...

CVSS 9.8 | AI score 7 | EPSS 0.00371
Exploits: 1 | References: 11

Tenable Nessus
added 2026/02/24 12:0 a.m. | 6 views

SonicWALL TZ Insufficient Verification of Data Authenticity (CVE-2022-47522)

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept possibly cleartext target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point such as authentication...

CVSS 7.5 | AI score 5.5 | EPSS 0.00897
Exploits: 1 | References: 5

NVD
added 2026/02/22 3:16 p.m. | 8 views

CVE-2026-2954

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

CVSS 9.8 | EPSS 0.00331
Exploits: 0 | References: 4

CNNVD
added 2026/02/22 12:0 a.m. | 6 views

UJCMS security vulnerability

UJCMS is a Java open-source content management system developed by dromara. Version UJCMS 10.0.2 contains a security vulnerability, which stems from incorrect handling of the parameters driverClassName/url in the file /api/backend/ext/import-data/import-channel, potentially leading to injection attacks...

CVSS 9.8 | AI score 6.6 | EPSS 0.00331
Exploits: 0 | References: 5

NVD
added 2026/02/19 6:24 p.m. | 6 views

CVE-2026-23616

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to...

CVSS 5.4 | EPSS 0.00173
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/14 8:26 a.m. | 5 views

CVE-2026-1258

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2. This is due to insufficient escaping on the user-supplied 'order-by',...

CVSS 4.9 | AI score 5.9 | EPSS 0.00351
Exploits: 0 | References: 6

Cvelist
added 2026/02/12 10:48 p.m. | 25 views

CVE-2019-25325 Thrive Smart Home 1.1 - 'Smart Home' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1 to manipulate login queries and gain...

CVSS 8.8 | EPSS 0.00329
Exploits: 0 | References: 6

OSV
added 2026/02/12 7:38 p.m. | 6 views

CVE-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | AI score 5.5 | EPSS 0.00166
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/10 6:47 a.m. | 4 views

CVE-2026-2094 Flowring|Docpedia - SQL Injection

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8 | AI score 6.3 | EPSS 0.00319
Exploits: 0 | References: 2

CNNVD
added 2026/02/08 12:0 a.m. | 6 views

Code-Projects Online Application System for Admission SQL injection vulnerability

Code-Projects Online Application System for Admission is an online application system developed by Code-Projects. Version 1.0 of the Code-Projects Online Application System for Admission contains a SQL injection vulnerability. This vulnerability stems from incorrect operations with the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00391
Exploits: 0 | References: 5

CNNVD
added 2026/02/08 12:0 a.m. | 12 views

Code-Projects Contact Management System SQL injection vulnerability

Code-Projects Contact Management System is an open-source contact management system developed by Code-Projects. Version 1.0 of the Code-Projects Contact Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter selecteditem0 in the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00243
Exploits: 0 | References: 5

CVE
added 2026/02/07 11:2 p.m. | 22 views

CVE-2026-2116

CVE-2026-2116 affects itsourcecode Society Management System 1.0. An SQL injection vulnerability exists in the admin/edit_expenses.php file triggered by manipulating the expenses_id argument, with remote access possible. Multiple sources confirm the flaw and public exploitation has been disclosed...

CVSS 9.8 | AI score 7.2 | EPSS 0.00381
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/02/07 3:15 p.m. | 3 views

CVE-2026-2089

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 9.8 | AI score 5.7 | EPSS 0.00312
Exploits: 0 | References: 5

Snyk
added 2026/02/05 8:51 p.m. | 4 views

SQL Injection

Overview: @payloadcms/db-postgres is the officially supported Postgres database adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts...

CVSS 9.8 | AI score 5.8 | EPSS 0.00453
Exploits: 0 | References: 2

CVE
added 2026/01/30 10:7 p.m. | 20 views

CVE-2020-37057

CVE-2020-37057 affects Online-Exam-System 2015. A SQL injection in the feedback module is exploitable via the fid parameter, enabling manipulation of database queries and potential extraction, modification, or deletion of data. The CVSS metrics indicate high impact to confidentiality, integrity, ...

CVSS 9.8 | AI score 6 | EPSS 0.00502
Exploits: 1 | References: 3 | Affected Software: 1